Hi,
On Mon, 11 Nov 2024 at 22:51, Alexey Khoroshilov <[email protected]> wrote:
> On 11.11.2024 16:35, Дмитрий Фролов wrote:
> Not allowed to read the exact memory area, because it is marked as freed.
>
> As far as I understand, heap-use-after-free means a situation when code
> allocates memory, then frees it, and then accesses it.
> Here the code just accesses invalid memory because of nonstandard main() call
> convention.
>
> If it is correct, the patch title could be "tests/qtest: make access to
> environment variables portable"
...
> Since this is UB, it does not matter, if a crash happens or not.
> ASAN just helps to highlight the hidden problem.
* It is not clear what is happening here. The third parameter
(**envp) looks widely supported.
-> https://www.gnu.org/software/libc/manual/html_node/Program-Arguments.html
The above document says, and the following program confirms, that '**envp'
points to the same address as the '*environ' variable. It also says '**envp'
is not portable.
===
#define _GNU_SOURCE   /* needed so <unistd.h> declares `environ` */
#include <stdio.h>
#include <unistd.h>

int main(int argc, char *argv[], char **envp)
{
    /* %p expects a void *, so cast both pointers before printing */
    printf("environ: %p, envp: %p\n", (void *)environ, (void *)envp);
    return 0;
}
$ cc -xc -o test test.c -lasan
$ ./test
environ: 0x7ffc5eb12168, envp: 0x7ffc5eb12168
===
> When sanitizers are disabled, qos-test passes successfully.
> qos-test fails when qemu is built with sanitizers enabled.
* That means Debian/clang has no qualms about the third parameter. It
is not a portability issue then. This Debian page also indicates usage
of '**envp' parameter ->
https://www.debian.org/doc/manuals/debian-reference/ch12.en.html.
* If both '*environ' and '**envp' point to the same address, why does
ASAN throw an error with one and not with the other? Where is that memory
getting freed?
* The patch looks fairly innocuous, but along with the commit message
it is confusing enough to review it. I'd be okay to review it if we
get some clarity about what is going on there.
Thank you.
---
- Prasad
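As an added illustration that is not part of the thread above and says nothing about what qos-test specifically does, the following program shows one general mechanism by which a pointer to the environment array can go stale: on glibc (and musl), the first setenv() of a name that is not yet present allocates a new pointer array on the heap and repoints `environ` at it, and later additions may realloc() and free that heap block. A copy of the array address taken earlier, whether the `envp` argument of main() or a saved `environ`, then refers to memory that is either stale or freed, and dereferencing a freed one is exactly what AddressSanitizer reports as heap-use-after-free. The variable names `EXAMPLE_ENVP_DEMO_*` are constructed for this example, and the "moves on realloc" behaviour in the second function is allocator dependent, so the function reports rather than assumes it.

```c
/* Added example, not code from the thread: demonstrates that setenv()
 * can replace the array `environ` points to, so a pointer saved earlier
 * (envp from main, or a copy of environ) may no longer be valid.
 * Assumes glibc/musl-style setenv() semantics. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;   /* explicit, in case the feature macro is ignored */

/* Returns 1 if adding a NEW variable made `environ` point elsewhere.
 * The initial array lives next to argv on the stack; the first setenv()
 * of an unknown name allocates a fresh array on the heap and repoints
 * `environ` at it.  Anything still holding the old address (e.g. main's
 * envp) now sees a stale copy that no longer reflects later changes. */
int environ_moves_on_first_new_setenv(void)
{
    char **before = environ;
    /* Constructed name, chosen so it is absent from any real environment. */
    if (setenv("EXAMPLE_ENVP_DEMO_A", "1", 1) != 0)
        return -1;
    return environ != before;
}

/* Returns 1 if a further new variable caused the heap array to move,
 * i.e. realloc() freed the old block.  A pointer saved between the two
 * calls would then refer to freed heap memory, which is the class of
 * access AddressSanitizer reports as heap-use-after-free.  Whether the
 * block moves depends on the allocator, so 0 is also a valid result. */
int environ_moves_on_second_new_setenv(void)
{
    if (setenv("EXAMPLE_ENVP_DEMO_B", "1", 1) != 0)
        return -1;
    char **saved = environ;            /* heap array after first growth */
    if (setenv("EXAMPLE_ENVP_DEMO_C", "1", 1) != 0)
        return -1;
    /* Compare addresses only: `saved` must not be dereferenced if it moved. */
    return environ != saved;
}

/* Safe pattern: always read `environ` at the time of use, never a copy
 * taken earlier.  Counts the variables currently visible. */
size_t count_environment_entries(void)
{
    size_t n = 0;
    for (char **ep = environ; ep != NULL && *ep != NULL; ++ep)
        n++;
    return n;
}

int main(int argc, char *argv[], char **envp)
{
    (void)argc; (void)argv;
    printf("before setenv: environ=%p envp=%p (%s)\n",
           (void *)environ, (void *)envp, environ == envp ? "same" : "differ");
    printf("environ moved after first new setenv:  %d\n",
           environ_moves_on_first_new_setenv());
    printf("after setenv:  environ=%p envp=%p (%s)\n",
           (void *)environ, (void *)envp, environ == envp ? "same" : "differ");
    printf("environ moved after second new setenv: %d\n",
           environ_moves_on_second_new_setenv());
    printf("entries visible through environ now:   %zu\n",
           count_environment_entries());
    return 0;
}
```

Run under `-fsanitize=address` the program stays clean because it never dereferences a saved pointer after a move; the point is that the same program with `*saved` read after the second setenv() is the pattern ASAN flags, and that main()'s `envp` stops being equal to `environ` as soon as the environment grows.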