-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libc: FORTIFY: strncpy: detected read past end of 32-byte buffer #52
Comments
Hi It's true that using 'sizeof(vgid) - 1' or ID_LEN would be sufficient here, Still the buffer is sized as ID_LEN+1 and '\0' is written after the call strncpy(). Can you rather share you 'coredump' trace or at least -vvvv log |
The write side is fine as you say, its the read from vg->id.uuid that whilst is normally fine, it reads an extra byte which is later overwritten. In the specific case of running within the android recovery context (which enforces the use of FORTIFY) does a test on both the read and write side of strncpy and so causes the crash. |
Ahh ok - so it's purely crashing your enforced fortified build - not a normal build - since the access is normally embedded into a volume_group structure so it should not cause any troubles. |
Changed upstream with this commit: |
I've been compiling lvm2 within the android recovery context, it crashes on many commands (eg vgdisplay) due to the metadata reading past the end of a non-null terminated uuid whilst adding a null terminator to a copy.
It wont actually cause any problems as the next line overwrites the stray random character with a '\0'.
Probably worth fixing upstream too though?
output:
libc: FORTIFY: strncpy: detected read past end of 32-byte buffer
Suggested fix
in:
_check_devs_used_correspond_with_vg
from:
strncpy(vgid, (const char *) vg->id.uuid, sizeof(vgid));
to:
strncpy(vgid, (const char *) vg->id.uuid, ID_LEN);
https://github.com/lvmteam/lvm2/blob/master/lib/metadata/metadata.c#L3448
The text was updated successfully, but these errors were encountered: