Re: Overrun when dumping core and more than 80 characters of arguments

Matthias Urlichs (smurf@work.smurf.noris.de)
10 May 1997 13:36:36 +0200


bert hubert <ahu@vvtp.tn.tudelft.nl> writes:
>
> When trying to dump core on an ELF system, it includes the first 80 bytes
> of arguments which were passed to the program. This is a char arguments[80]
> kind of string. If more than 80 characters were passed, the string is
> terminated like this: arguments[80]=0;, which results in an overrun to
> the inode pointer!
>
Oops...

> To fix this, use something like this patch, which works on anything I've
> tried since 2.0.27:
>
Not quite right, because you toss the last byte if the string happens to be
shorter.

Either replace the
len = len >= ELF_PRARGSZ ? ELF_PRARGSZ : len;
(two lines above your patch) with
len = (len >= ELF_PRARGSZ-1) ? ELF_PRARGSZ-1 : len;

or simply delete the
psinfo.pr_psargs[len] = 0;
line, depending on whether the core file's string needs to be zero-terminated.

> --- binfmt_elf.c Thu May 1 03:27:19 1997
> +++ binfmt_elf.c Thu May 1 03:28:05 1997
> @@ -1146,7 +1146,7 @@
> for(i = 0; i < len; i++)
> if (psinfo.pr_psargs[i] == 0)
> psinfo.pr_psargs[i] = ' ';
> - psinfo.pr_psargs[len] = 0;
> + psinfo.pr_psargs[len-1] = 0;
>
> set_fs(KERNEL_DS);
> }
>
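Review bot: the `+ psinfo.pr_psargs[len-1] = 0;` line stops the out-of-bounds store when len == ELF_PRARGSZ, but for every shorter argument block it overwrites the last byte the loop above just copied, so the fix belongs in the clamp two lines above the hunk rather than in the terminator. Either change `len = len >= ELF_PRARGSZ ? ELF_PRARGSZ : len;` to clamp at ELF_PRARGSZ-1 and keep `psinfo.pr_psargs[len] = 0;`, or remove the terminating store entirely and document that pr_psargs need not be NUL-terminated when the buffer is full.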

-- 
A day without fusion is like a day without sunshine.
-- 
Matthias Urlichs         \  noris network GmbH  /  Xlink-POP Nürnberg 
Schleiermacherstraße 12   \   Linux+Internet   /   EMail: urlichs@noris.de
90491 Nürnberg (Germany)   \    Consulting+Programming+Networking+etc'ing
   PGP: 1024/4F578875   1B 89 E2 1C 43 EA 80 44  15 D2 29 CF C6 C7 E0 DE
       Click <A HREF="http://info.noris.de/~smurf/finger">here</A>.    42
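The four variants discussed in this thread (the original store at [len], the posted patch's store at [len-1], the clamp to ELF_PRARGSZ-1, and dropping the terminator) side by side, as an added example that is not part of the thread or of binfmt_elf.c. It assumes a small model struct in which a sentinel byte stands in for whatever field follows pr_psargs, and the argument block is a constructed pattern rather than a real process stack; the space-for-NUL loop and the clamp are taken from the quoted code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ELF_PRARGSZ 80   /* size of pr_psargs in the ELF prpsinfo note */
#define SENTINEL 0xA5    /* constructed marker for the field after pr_psargs */

/* Assumed model of the relevant slice of struct elf_prpsinfo: the fixed
 * argument buffer and, directly after it, the field an overrun lands on.
 * The sentinel stands in for that field so a stray zero write is visible. */
struct psinfo_model {
    char pr_psargs[ELF_PRARGSZ];
    unsigned char sentinel;
};

enum fill_mode {
    FILL_ORIGINAL,       /* clamp to ELF_PRARGSZ,   then pr_psargs[len]   = 0 */
    FILL_LEN_MINUS_1,    /* clamp to ELF_PRARGSZ,   then pr_psargs[len-1] = 0 */
    FILL_CLAMP_MINUS_1,  /* clamp to ELF_PRARGSZ-1, then pr_psargs[len]   = 0 */
    FILL_NO_TERMINATOR   /* clamp to ELF_PRARGSZ,   no terminating write */
};

/* The kernel stores pr_psargs[index] = 0 directly. The model does the same
 * store through a byte view of the whole struct, so index == ELF_PRARGSZ
 * lands on the sentinel instead of being undefined behaviour in the test. */
static void store_terminator(struct psinfo_model *p, size_t index)
{
    ((unsigned char *)p)[offsetof(struct psinfo_model, pr_psargs) + index] = 0;
}

/* Mirror the dumper's steps: clamp len, copy the argument block (argv
 * strings separated by NUL bytes), turn separators into spaces, terminate. */
static void fill_psargs(struct psinfo_model *p, const char *args, size_t len,
                        enum fill_mode mode)
{
    size_t limit = (mode == FILL_CLAMP_MINUS_1) ? ELF_PRARGSZ - 1 : ELF_PRARGSZ;
    size_t i;

    memset(p, 0, sizeof *p);          /* model only: start from a known state */
    p->sentinel = SENTINEL;
    if (len > limit)
        len = limit;
    memcpy(p->pr_psargs, args, len);  /* stands in for copy_from_user() */
    for (i = 0; i < len; i++)
        if (p->pr_psargs[i] == 0)
            p->pr_psargs[i] = ' ';

    if (mode == FILL_LEN_MINUS_1)
        store_terminator(p, len - 1);
    else if (mode != FILL_NO_TERMINATOR)
        store_terminator(p, len);
}

/* Constructed argument block: 7-byte words separated by NUL, total bytes. */
static void build_args(char *dst, size_t total)
{
    size_t i;
    for (i = 0; i < total; i++)
        dst[i] = (i % 8 == 7) ? 0 : (char)('a' + i % 8);
}

struct dump_result {
    int overran;          /* 1 if the terminator landed past pr_psargs */
    size_t recorded_len;  /* bytes before the first NUL, capped at the buffer */
};

/* Run one variant on a constructed block of the given length (at most 256). */
static struct dump_result dump_case(enum fill_mode mode, size_t len)
{
    char args[256];
    struct psinfo_model p;
    struct dump_result r;

    if (len > sizeof args)
        len = sizeof args;
    build_args(args, len);
    fill_psargs(&p, args, len, mode);
    r.overran = (p.sentinel != SENTINEL);
    r.recorded_len = 0;
    while (r.recorded_len < ELF_PRARGSZ && p.pr_psargs[r.recorded_len] != 0)
        r.recorded_len++;
    return r;
}

int main(void)
{
    static const char *names[] = { "[len]=0, clamp 80", "[len-1]=0, clamp 80",
                                   "[len]=0, clamp 79", "no terminator" };
    static const size_t lens[] = { 11, 79, 80, 100 };
    int m;
    size_t k;

    for (m = 0; m < 4; m++)
        for (k = 0; k < 4; k++) {
            struct dump_result r = dump_case((enum fill_mode)m, lens[k]);
            printf("%-20s len=%3zu -> recorded=%2zu overran=%d\n",
                   names[m], lens[k], r.recorded_len, r.overran);
        }
    return 0;
}
```

The table the program prints shows the trade-off in one screen: only the original variant writes past the buffer, and it does so exactly when len reaches ELF_PRARGSZ; the [len-1] store never overruns but records one byte fewer than was copied for short blocks; clamping at ELF_PRARGSZ-1 keeps every byte of short blocks and gives up one byte of long ones; dropping the terminator keeps all 80 bytes but leaves a full buffer unterminated, so any reader of the note must bound its reads by the field size.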