RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 13:47:45 +00:00
Code Issues Activity Actions

Kernel: Do not try to print the string that cannot be read

Browse source 
What a silly bug :^)

Found by fuzz-syscalls. Can be reproduced by running this in the Shell:

    $ syscall set_thread_name 14 14 14
This commit is contained in:
Ben Wiederhake 2021-02-11 19:15:33 +01:00 committed by Andreas Kling
parent 1e630fb78a
commit 4c42d1e35a
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Kernel/StdLib.cpp
View file

@ -42,7 +42,7 @@ String copy_string_from_user(const char* user_str, size_t user_str_size)
void* fault_at; void* fault_at;
ssize_t length = Kernel::safe_strnlen(user_str, user_str_size, fault_at); ssize_t length = Kernel::safe_strnlen(user_str, user_str_size, fault_at);
if (length < 0) { if (length < 0) {
klog() << "copy_string_from_user(" << user_str << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (strnlen)"; klog() << "copy_string_from_user(" << static_cast<const void*>(user_str) << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (strnlen)";
return {}; return {};
} }
if (length == 0) if (length == 0)
@ -51,7 +51,7 @@ String copy_string_from_user(const char* user_str, size_t user_str_size)
char* buffer; char* buffer;
auto copied_string = StringImpl::create_uninitialized((size_t)length, buffer); auto copied_string = StringImpl::create_uninitialized((size_t)length, buffer);
if (!Kernel::safe_memcpy(buffer, user_str, (size_t)length, fault_at)) { if (!Kernel::safe_memcpy(buffer, user_str, (size_t)length, fault_at)) {
klog() << "copy_string_from_user(" << user_str << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (memcpy)"; klog() << "copy_string_from_user(" << static_cast<const void*>(user_str) << ", " << user_str_size << ") failed at " << VirtualAddress(fault_at) << " (memcpy)";
return {}; return {};
} }
return copied_string; return copied_string;