Calling an ioctl defined by `ioctl_none!` has a chance to access some memory it shouldn't when preparations have been made to push a buffer to stdout (specifically the length of the buffer) without flushing. For example:

```rust
// example from kvm bindings I've been writing. vcpu.run() is a pure wrapper around the KVM_RUN ioctl, with that very ioctl being the first function it calls.
print!("abcdefghijklmnop");
vcpu.run().unwrap();
```

strace output from the above example:

```
ioctl(5, KVM_RUN, 0x10) = -1 EINVAL (Invalid Argument) //same length as that string above...
```

This is explicitly a problem when emulating, for example, UART serial communication with KVM, as it's pretty common practice to throw out characters one by one as you receive them. This should be (in theory) as simple to fix as explicitly passing 0 to ioctl calls in the `ioctl_none*!` macros.
I have! The macro right now expands out to a call to ioctl leaving the first vararg unspecified. This (as I understand it) is incorrect, given that glibc will look for one vararg whether or not it should, and leads to grabbing some arbitrary value off of the stack as that third argument.
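To make the proposed fix concrete, here is an added example (not nix's code and not the reporter's KVM bindings) of an `ioctl_none!`-style wrapper that always passes a literal `0` in the variadic slot, so glibc's `ioctl(2)` reads a defined value instead of whatever the caller left in that register or on the stack. It recreates the report's scenario with a pending, unflushed `print!` and exercises two real no-argument requests, `FIOCLEX`/`FIONCLEX` (close-on-exec on/off), checking the result through `fcntl(F_GETFD)`. The request and flag constants are assumed to be the Linux asm-generic values (x86_64/aarch64); the C functions are declared by hand so the block needs no external crate.

```rust
// Added example, not part of nix or the bug report. Demonstrates an
// ioctl_none!-style macro that passes an explicit 0 as ioctl's third
// argument, then verifies the ioctl took effect via fcntl(F_GETFD).
use std::os::raw::{c_int, c_ulong};

extern "C" {
    // Variadic prototype mirrors glibc: int ioctl(int fd, unsigned long request, ...);
    fn ioctl(fd: c_int, request: c_ulong, ...) -> c_int;
    fn pipe(fds: *mut c_int) -> c_int;
    fn fcntl(fd: c_int, cmd: c_int, ...) -> c_int;
    fn close(fd: c_int) -> c_int;
}

// Assumption: Linux asm-generic ioctl numbers (x86_64/aarch64). Other
// architectures (mips, powerpc, sparc) use different values.
const FIOCLEX: c_ulong = 0x5451;  // set FD_CLOEXEC; takes no argument
const FIONCLEX: c_ulong = 0x5450; // clear FD_CLOEXEC; takes no argument
const F_GETFD: c_int = 1;
const FD_CLOEXEC: c_int = 1;

/// What a hardened `ioctl_none!` should expand to: the request takes no
/// argument, but the vararg slot is still filled with a literal 0 so the
/// libc wrapper never picks up a stale value (e.g. a stdout buffer length).
macro_rules! ioctl_none_explicit {
    ($name:ident, $req:expr) => {
        fn $name(fd: c_int) -> Result<c_int, c_int> {
            // A no-argument ioctl dereferences nothing, so passing 0 is always safe.
            let r = unsafe { ioctl(fd, $req, 0 as c_int) };
            if r < 0 {
                Err(std::io::Error::last_os_error().raw_os_error().unwrap_or(-1))
            } else {
                Ok(r)
            }
        }
    };
}

ioctl_none_explicit!(set_cloexec, FIOCLEX);
ioctl_none_explicit!(clear_cloexec, FIONCLEX);

/// True if FD_CLOEXEC is set on `fd`, read back through fcntl(F_GETFD).
fn is_cloexec(fd: c_int) -> bool {
    let flags = unsafe { fcntl(fd, F_GETFD) };
    flags >= 0 && (flags & FD_CLOEXEC) != 0
}

/// Runs set/clear on a fresh pipe and returns (before, after_set, after_clear).
/// A print! without a newline is left unflushed first, matching the report;
/// with the explicit 0 the ioctls succeed regardless of that buffered data.
fn cloexec_roundtrip() -> (bool, bool, bool) {
    let mut fds: [c_int; 2] = [-1, -1];
    assert_eq!(unsafe { pipe(fds.as_mut_ptr()) }, 0, "pipe() failed");
    let fd = fds[0];
    print!("abcdefghijklmnop"); // constructed: leave data pending in stdout's buffer
    let before = is_cloexec(fd);
    set_cloexec(fd).expect("FIOCLEX failed");
    let after_set = is_cloexec(fd);
    clear_cloexec(fd).expect("FIONCLEX failed");
    let after_clear = is_cloexec(fd);
    unsafe {
        close(fds[0]);
        close(fds[1]);
    }
    (before, after_set, after_clear)
}

fn main() {
    let result = cloexec_roundtrip();
    println!("\ncloexec before / after set / after clear: {:?}", result);
}
```

Expected result is `(false, true, false)`: a pipe starts without close-on-exec, `FIOCLEX` sets it, `FIONCLEX` clears it. If you replace `0 as c_int` with nothing and mark the declaration non-variadic, the wrapper compiles to the same undefined-vararg call the report describes; the observable symptom is then an occasional `EINVAL` (or worse) depending on what happened to be in the third-argument register.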