Possible buffer overflow
milabs opened this issue · 1 comment
Line 383 in a1bbcea
PATH_MAX
is not enough to have as the buffer size, as it may be the cause of an overflow in the fgets call used below.
Probably it's better to use something like char buf[PATH_MAX + 128]
...
UPDATE:
Here is the kernel part which generates the content of /proc/self/maps, and there are no explicit limits on line length: https://elixir.bootlin.com/linux/latest/source/fs/proc/task_mmu.c#L300
> PATH_MAX is not enough to have as the buffer size, as it may be the cause of an overflow in the fgets call used below
There is no buffer overflow, because fgets writes at most PATH_MAX bytes to buf even when one line is longer than PATH_MAX. However, when a line is too long and the part of the line after PATH_MAX bytes accidentally has a format similar to the beginning of a line, plthook may read it as the memory protection mode of a memory region. I fixed it by ecb60c6.