Closed l2dy closed 10 months ago
Thanks for the report, but I have difficulty interpreting the message from the address sanitizer.
The third parameter to the `wcsnrtombs` function is of type `size_t`, which is an unsigned integer and can't be negative.
The parameter specifies the maximum number of characters to be converted, which is irrelevant to the actual size of arrays involved. Maybe the sanitizer is incorrectly configured to perform some check about this parameter?
PS: To print a `size_t` value, you should be using `%zu` rather than `%ld`.
You are right. After further investigation, this seems to be a bug in AddressSanitizer. https://github.com/google/sanitizers/issues/1524
However, this makes me wonder if `wcsrtombs` should be used instead when size is not specified. We don't have a buffer as big as `SIZE_MAX` anyway, and `size_t len` is still there to prevent buffer overflow. Why use such a large number here?
Defining `sb_wcscat` as a special case of `sb_wcsncat` is much simpler than defining them as separate functions that are very similar but differ only in one line that calls either `wcsrtombs` or `wcsnrtombs`.
`sb_wcscat` is defined as: https://github.com/magicant/yash/blob/2e02670ad531ea8ac445217ce70d32915c736709/strbuf.h#L322C1-L328
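An added example (not yash's own code) of the two-limit relationship discussed above: `wcs_to_mbs_bounded` stands in for `sb_wcsncat`, with the count `nwc` bounding the input and `len` bounding the output buffer; `wcs_to_mbs_all` is the `sb_wcscat`-style special case with `nwc = SIZE_MAX`; and `split_path` mirrors the PATH decomposition from the report, where each element's count is a `size_t` and cannot be negative. All function names and the sample PATH value are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Convert at most nwc wide chars from *src into dst (capacity len, NUL included).
 * nwc bounds the input, len bounds the output; the two limits are independent.
 * Returns bytes written (NUL excluded) or (size_t)-1 on an unencodable char. */
static size_t wcs_to_mbs_bounded(char *dst, size_t len, const wchar_t **src, size_t nwc)
{
    mbstate_t st = {0};
    if (len == 0)
        return 0;
    size_t n = wcsnrtombs(dst, src, nwc, len - 1, &st);
    if (n != (size_t)-1)
        dst[n] = '\0'; /* wcsnrtombs terminates only when it converted L'\0' */
    else
        dst[0] = '\0';
    return n;
}
/* Whole-string case: nwc = SIZE_MAX means "no input limit"; len still applies. */
static size_t wcs_to_mbs_all(char *dst, size_t len, const wchar_t *src)
{
    return wcs_to_mbs_bounded(dst, len, &src, SIZE_MAX);
}
/* Split a wide PATH on L':' and convert each element with an exact count n.
 * n is size_t: an empty element gives n == 0, never a negative value. */
static size_t split_path(const wchar_t *path, char out[][64], size_t max)
{
    size_t count = 0;
    for (const wchar_t *start = path;;) {
        const wchar_t *colon = wcschr(start, L':');
        size_t n = colon ? (size_t)(colon - start) : wcslen(start);
        const wchar_t *src = start;
        if (count == max || wcs_to_mbs_bounded(out[count], 64, &src, n) == (size_t)-1)
            return (size_t)-1;
        count++;
        if (colon == NULL)
            return count;
        start = colon + 1;
    }
}
int main(void)
{
    char e[8][64];
    size_t k = split_path(L"/usr/bin:/bin:/usr/sbin:/sbin", e, 8); /* constructed sample */
    for (size_t i = 0; k != (size_t)-1 && i < k; i++)
        printf("%zu: %s\n", i, e[i]); /* %zu, not %ld, for size_t */
}
```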
> Defining `sb_wcscat` as a special case of `sb_wcsncat` is much simpler than defining them as separate functions that are very similar but differ only in one line that calls either `wcsrtombs` or `wcsnrtombs`.

Yes, but we already have `sb_wcscat` and `malloc_wcstombs` for systems without `wcsnrtombs` anyway. Could they be enabled on all systems? https://github.com/magicant/yash/blob/2e02670ad531ea8ac445217ce70d32915c736709/strbuf.c#L233-L236
Hmm, I don't want to bloat the binary just to make the misbehaving analyzer happy.
Sure. Closing this issue then. Thanks for taking a look!
Describe the bug
`yash` crashes on start when built with AddressSanitizer. With the following debug patch applied, variable `n` passed to `wcsnrtombs()` is -1 in the last round of decomposing PATH, resulting in a crash in AddressSanitizer. Output:
To Reproduce
Steps to reproduce the behavior:
1. `./configure` without `-fsanitize=address` in CFLAGS and LDFLAGS
2. Add `-fsanitize=address` to both flags
3. `make yash`
4. `PATH="/usr/bin:/bin:/usr/sbin:/sbin" ./yash`
```
nwc=-1
```
Expected behavior
Yash does not crash with AddressSanitizer.
Screenshots (without patch)
Environment (please complete the following information):
`-g -O0 -fsanitize=address`
Additional context
N/A