Opened 14 years ago
Closed 14 years ago
#61 closed defect (fixed)
CMT crashes with SEGV when handling file paths longer than 256 bytes
| Reported by: | | Owned by: | arnault |
|---|---|---|---|
| Priority: | normal | Milestone: | v1r20 |
| Component: | a. Usage | Version: | |
| Severity: | critical | Keywords: | |
| Cc: | Francesco.Prelz@…, David.Rebatto@… | OS: | Linux |
| If Other, could you precise: | | Experiment: | Atlas |
| If Other, could you precise: | | | |
Stack trace:

```
Program terminated with signal 11, Segmentation fault.
(...)
#0 0x0808c5e8 in cmt_string::operator+= (this=0xbff24fc0, text=0x4e5a6654 <Address 0x4e5a6654 out of bounds>) at ../source/cmt_string.cxx:164
#1 0x0808f5b9 in CmtSystem::cd (dir=@0xbff24f00) at ../source/cmt_system.cxx:94
#2 0x0806b908 in Cmt::guess_current_project () at ../source/cmt_parser.cxx:4576
#3 0x0807302f in Cmt::configure (ap=@0xbff25110) at ../source/cmt_parser.cxx:551
#4 0x08080be9 in Cmt::parser (argc=2, argv=0xbff25244) at ../source/cmt_parser.cxx:5429
#5 0x08049aa7 in main (argc=2, argv=0xbff25244) at ../source/cmt.cxx:16
```
Steps to reproduce: |
Description
Acting on reports of ATLAS code consistently failing at the Milan site, I tracked down the failure to a stack corruption originating from CmtSystem::pwd.
Pathnames up to 4kbytes long are legal in Linux, and we accidentally found ourselves operating in a directory whose name is exactly 256 bytes long (257 with the terminating NULL).
The following code in cmt_system.cxx, still present in the CMT code tracker HEAD, causes a memory overwrite with undefined results whenever the contents of the PWD environment are longer than or equal to 256 bytes.
```cpp
cmt_string CmtSystem::pwd ()
{
  char buffer[256] = "";
  char* ptr = 0;
  char* pwd_env = 0;

  pwd_env = ::getenv ("PWD");

  if (pwd_env != 0)
    {
      strcpy (buffer, pwd_env);
    }
```
In other calls used on Linux (getwd, realpath_) paths longer than 256 bytes are truncated with equally undefined results. The size of the fixed buffer should be set to at least PATH_MAX+1, if PATH_MAX is defined, or dynamic buffers should be used if possible (which is the case for the getenv() call above).
For the time being, we'll look for workarounds to make the directory names shorter: we have very little control on the way they are built, however.
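The dynamic-buffer approach suggested in the description, as an added example that is not part of the ticket and is not the fix that went into CMT. `safe_pwd` is a hypothetical name, the absolute-path check on `PWD` is an added assumption, and the example goes beyond the `getenv()` case by also showing a `getcwd()` fallback that grows its buffer instead of truncating.

```cpp
#include <cerrno>
#include <cstdlib>
#include <string>
#include <vector>
#include <unistd.h>

// Hypothetical replacement for the pattern "char buffer[256]; strcpy(buffer, getenv("PWD"))".
// No fixed-size stack buffer is involved, so path length cannot corrupt the stack.
std::string safe_pwd()
{
    // getenv() returns a NUL-terminated string of arbitrary length.
    // std::string allocates heap storage sized to fit the whole value.
    const char* pwd_env = std::getenv("PWD");
    if (pwd_env != nullptr && pwd_env[0] == '/')   // added sanity check: absolute path only
    {
        return std::string(pwd_env);
    }

    // Fallback when PWD is unset or unusable: ask the kernel.
    // getcwd() fails with ERANGE when the buffer is too small, so the
    // buffer is doubled and the call retried; nothing is ever truncated.
    std::vector<char> buf(256);
    for (;;)
    {
        if (::getcwd(buf.data(), buf.size()) != nullptr)
        {
            return std::string(buf.data());
        }
        if (errno != ERANGE)
        {
            return std::string();   // genuine failure, e.g. directory removed
        }
        buf.resize(buf.size() * 2);
    }
}
```

Callers should treat an empty return value as an error rather than as the current directory.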
Change History (2)
comment:1 Changed 14 years ago by
comment:2 Changed 14 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
This is now resolved in version CMT v1r21.
This is now resolved in the HEAD.