LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-09-20 09:49:15 +03:00
Code Issues Packages Projects Releases Wiki Activity

Kernel: Do not try to print the string that cannot be read

Browse Source 
What a silly bug :^)

Found by fuzz-syscalls. Can be reproduced by running this in the Shell:

    $ syscall set_thread_name 14 14 14
This commit is contained in:
Ben Wiederhake 2021-02-11 19:15:33 +01:00 committed by Andreas Kling
parent 1e630fb78a
commit 4c42d1e35a
Notes: sideshowbarker 2024-07-18 22:23:06 +09:00 
Author: https://github.com/BenWiederhake
Commit: https://github.com/SerenityOS/serenity/commit/4c42d1e35a2
Pull-request: https://github.com/SerenityOS/serenity/pull/5294
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Kernel/StdLib.cpp
View File

@ -42,7 +42,7 @@ String copy_string_from_user(const char* user_str, size_t user_str_size)
void* fault_at;
ssize_t length = Kernel::safe_strnlen(user_str, user_str_size, fault_at);
if (length < 0) {
klog() << "copy_string_from_user(" << user_str << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (strnlen)";
klog() << "copy_string_from_user(" << static_cast<const void*>(user_str) << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (strnlen)";
return {};
}
if (length == 0)
@ -51,7 +51,7 @@ String copy_string_from_user(const char* user_str, size_t user_str_size)
char* buffer;
auto copied_string = StringImpl::create_uninitialized((size_t)length, buffer);
if (!Kernel::safe_memcpy(buffer, user_str, (size_t)length, fault_at)) {
klog() << "copy_string_from_user(" << user_str << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (memcpy)";
klog() << "copy_string_from_user(" << static_cast<const void*>(user_str) << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (memcpy)";
return {};
}
return copied_string;