On Mon, 28 Aug 2023 12:57:19 +0200 Corinna Vinschen wrote: > On Aug 28 18:46, Takashi Yano wrote: > > Previously, the number of command line args was not checked for > > cygwin process. Due to this, segmentation fault was caused if too > > many command line args are specified. > > https://cygwin.com/pipermail/cygwin/2023-August/254333.html > > > > Since char *argv[argc + 1] is placed on the stack in dll_crt0_1(), > > STATUS_STACK_OVERFLOW occurs if the stack does not have enough > > space. > > > > With this patch, the total length of the arguments and the size of > > argv[] is restricted to 1/4 of total stack size for the process, and > > spawnve() returns E2BIG if the size exceeds the limit. > > [...] > > +static size_t > > +get_stack_size (const WCHAR *filename) > > +{ > > + HANDLE h; > > + h = CreateFileW (filename, GENERIC_READ, FILE_SHARE_READ, > > + NULL, OPEN_EXISTING, 0, NULL); > > + char buf[1024]; > > + DWORD n; > > + ReadFile (h, buf, sizeof (buf), &n, 0); > > + CloseHandle (h); > > + IMAGE_NT_HEADERS32 *p = (IMAGE_NT_HEADERS32 *) memmem (buf, n, "PE\0\0", > > 4); > > + if (!p) > > + return 0; > > + if ((char *) &p->OptionalHeader.SizeOfStackCommit > buf + n) > > + return 0; /* buf[] is not enough */ > > + if (p->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) > > + return p->OptionalHeader.SizeOfStackReserve; > > + IMAGE_NT_HEADERS64 *p64 = (IMAGE_NT_HEADERS64 *) p; > > + if ((char *) &p64->OptionalHeader.SizeOfStackCommit > buf + n) > > + return 0; /* buf[] is not enough */ > > + return p64->OptionalHeader.SizeOfStackReserve; > > +} > > Sorry, but this proposal is too complicated, IMHO. > > Checking the stacksize in the file header for each single execve > is quite a bit time consuming, isn't it? > > The question is rather, why storing argv on the stack at all? I guess > the original idea was that argv is always a rather overseeable number. > But it doesn't have to stay on the stack. > > I tried this simple patch: > > diff --git a/winsup/cygwin/dcrt0.cc b/winsup/cygwin/dcrt0.cc > index 49b7a44aeb15..961dea4ab993 100644 > --- a/winsup/cygwin/dcrt0.cc > +++ b/winsup/cygwin/dcrt0.cc > @@ -978,11 +978,8 @@ dll_crt0_1 (void *) > a change to an element of argv[] it does not affect Cygwin's argv. > Changing the the contents of what argv[n] points to will still > affect Cygwin. This is similar (but not exactly like) Linux. */ > - char *newargv[__argc + 1]; > - char **nav = newargv; > - char **oav = __argv; > - while ((*nav++ = *oav++) != NULL) > - continue; > + char **newargv = (char **) malloc ((__argc + 1) * sizeof (char **)); > + memcpy (newargv, __argv, (__argc + 1) * sizeof (char **)); > /* Handle any signals which may have arrived */ > sig_dispatch_pending (false); > _my_tls.call_signal_handler (); > > and the testcase `LC_ALL=C sed 's/x/y/' $(seq 1000000)' simply ran > as desired. Combined with a bit of error checking... > > > diff --git a/winsup/cygwin/sysconf.cc b/winsup/cygwin/sysconf.cc > > index 2db92e4de..6cb2aecd0 100644 > > --- a/winsup/cygwin/sysconf.cc > > +++ b/winsup/cygwin/sysconf.cc > > @@ -21,6 +21,13 @@ details. */ > > #include "cpuid.h" > > #include "clock.h" > > > > +#define DEFAULT_STACKGUARD (wincap.def_guard_page_size() + > > wincap.page_size ()) > > +static long > > +get_arg_max (int in) > > +{ > > + return (long) (get_rlimit_stack () + DEFAULT_STACKGUARD) / 4; > > +} > > + > > static long > > get_page_size (int in) > > { > > @@ -485,7 +492,7 @@ static struct > > }; > > } sca[] = > > { > > - {cons, {c:ARG_MAX}}, /* 0, _SC_ARG_MAX */ > > + {func, {f:get_arg_max}}, /* 0, _SC_ARG_MAX */ > > {cons, {c:CHILD_MAX}}, /* 1, _SC_CHILD_MAX */ > > {cons, {c:CLOCKS_PER_SEC}}, /* 2, _SC_CLK_TCK */ > > {cons, {c:NGROUPS_MAX}}, /* 3, _SC_NGROUPS_MAX */ > > -- > > 2.39.0 > > Along these lines, there's no reason to couple SC_ARG_MAX to the > size of the stack. I'd propose to return the value 2097152. It's > the default value returned by getconf ARG_MAX on LInx as well.
What happens if user allocate stack whose size is not enough for 2097152? -- Takashi Yano <takashi.y...@nifty.ne.jp>