Commit
Removes parameter _execves.executable_ (which was execve.pathname) because Android OS fails unless `&pathname == &argv[0]` (must not just match value, but must reuse address, thus there is not a purpose for function signature to ask for this).

`for(auto x : s)` -> `for(auto x = s.begin(); s.end() != x; ++x)` /* `-fsanitize=address` gives _stack-use-after-scope_ with `for(auto x : s)` */

Fixes #5

Closes https://github.com/SwuduSusuwu/SubStack/milestone/2

Precondition `std::ifstream(argv[0])` /* exists */ -> `-1 != access(argv[0], X_OK)` /* executable */

```
Welcome to Termux!
~/SubStack $ ./make.sh
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -x c -c ./cxx//../c/rfc6234/sha1.c
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -x c -c ./cxx//../c/rfc6234/sha224-256.c
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -x c -c ./cxx//../c/rfc6234/sha384-512.c
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -c ./cxx//ClassSha2.cxx
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -c ./cxx//ClassResultList.cxx
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -c ./cxx//ClassCns.cxx
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -c ./cxx//VirusAnalysis.cxx
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -c ./cxx//ConversationCns.cxx
./cxx//ConversationCns.cxx:106:74: warning: non-void function does not return a value [-Wreturn-type]
  106 | const FileBytecode conversationParseQuestion(const FilePath &xhtmlFile) {} /* TODO */
      |                                                                          ^
./cxx//ConversationCns.cxx:107:88: warning: non-void function does not return a value [-Wreturn-type]
  107 | const std::vector<FileBytecode> conversationParseResponses(const FilePath &xhtmlFile) {} /* TODO */
      |                                                                                        ^
2 warnings generated.
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g -c ./cxx//main.cxx
+ clang++ -fsanitize=address -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer -g sha1.o sha224-256.o sha384-512.o ClassSha2.o ClassResultList.o ClassCns.o VirusAnalysis.o ConversationCns.o main.o
+ set +x
~/SubStack $ ./a.out
cxx/Macros.hxx: pass
execves(): pass
execvex(): pass
virusAnalysisTestsThrows(): pass
conversationCnsTestsThrows(): --2024-06-15 18:22:01--  https://stackoverflow.com/robots.txt
Resolving stackoverflow.com (stackoverflow.com)... 172.64.155.249, 104.18.32.7
Connecting to stackoverflow.com (stackoverflow.com)|172.64.155.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Saving to: ‘robots.txt’

robots.txt [ <=> ] 1.99K --.-KB/s in 0.07s

2024-06-15 18:22:02 (27.4 KB/s) - ‘robots.txt’ saved [2036]

--2024-06-15 18:22:02--  https://stackoverflow.com/
Resolving stackoverflow.com (stackoverflow.com)... 172.64.155.249, 104.18.32.7
Connecting to stackoverflow.com (stackoverflow.com)|172.64.155.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.xhtml’

index.xhtml [ <=> ] 175.66K 136KB/s in 1.3s

2024-06-15 18:22:03 (136 KB/s) - ‘index.xhtml’ saved [179877]

Trap
~/SubStack $
```

`conversationParseResponses()` is work-in-progress, `-fsanitize` Traps just before this, thus counts as `pass`.

If curious: `for(auto x : s)` gives

```
~/SubStack $ ./a.out
cxx/Macros.hxx: pass
execves(): =================================================================
==18709==ERROR: AddressSanitizer: stack-use-after-scope on address 0x007ffc3d9511 at pc 0x007450ea2a78 bp 0x007ffc3d7e90 sp 0x007ffc3d7678
READ of size 1 at 0x007ffc3d9511 thread T0
    #0 0x7450ea2a74 in strncmp out/lib/compiler-rt-aarch64/out/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:545:3
    #1 0x745388e200 (/data/data/com.termux/files/usr/lib/libtermux-exec.so+0x2200)
    #2 0x745388dd68 in execve (/data/data/com.termux/files/usr/lib/libtermux-exec.so+0x1d68)
    #3 0x63f79ca63c in Susuwu::execves(std::__ndk1::vector<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const, std::__ndk1::allocator<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const>> const&, std::__ndk1::vector<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const, std::__ndk1::allocator<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const>> const&) /data/data/com.termux/files/home/SubStack/./cxx/ClassCns.cxx:34:2
    #4 0x63f7a3a7ac in Susuwu::testHarnesses() /data/data/com.termux/files/home/SubStack/./cxx/main.cxx:21:7
    #5 0x63f7a3b1e0 in main /data/data/com.termux/files/home/SubStack/./cxx/main.cxx:40:9
    #6 0x74524c9e18 in __libc_init (/apex/com.android.runtime/lib64/bionic/libc.so+0x56e18) (BuildId: 33ad5959e2b38fc822cda3c642e16c94)

Address 0x007ffc3d9511 is located in stack of thread T0 at offset 241 in frame
    #0 0x63f79c9f14 in Susuwu::execves(std::__ndk1::vector<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const, std::__ndk1::allocator<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const>> const&, std::__ndk1::vector<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const, std::__ndk1::allocator<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char>> const>> const&) /data/data/com.termux/files/home/SubStack/./cxx/ClassCns.cxx:13

  This frame has 14 object(s):
    [32, 36) 'status' (line 17)
    [48, 72) 'argvSmutable' (line 22)
    [112, 136) 'argv' (line 23)
    [176, 184) '__begin1' (line 24)
    [208, 216) '__end1' (line 24)
    [240, 264) 'x' (line 24) <== Memory access at offset 241 is inside this variable
    [304, 312) 'ref.tmp' (line 25)
    [336, 344) 'ref.tmp26' (line 27)
    [368, 392) 'envpSmutable' (line 28)
    [432, 456) 'envp' (line 29)
    [496, 504) 'x44' (line 30)
    [528, 536) 'ref.tmp49' (line 30)
    [560, 568) 'ref.tmp56' (line 31)
    [592, 600) 'ref.tmp66' (line 33)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope out/lib/compiler-rt-aarch64/out/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:545:3 in strncmp
Shadow bytes around the buggy address:
  0x007ffc3d9280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x007ffc3d9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x007ffc3d9380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x007ffc3d9400: 00 00 00 00 f1 f1 f1 f1 f8 f2 00 00 00 f2 f2 f2
  0x007ffc3d9480: f2 f2 00 00 00 f2 f2 f2 f2 f2 f8 f2 f2 f2 f8 f2
=>0x007ffc3d9500: f2 f2[f8]f8 f8 f2 f2 f2 f2 f2 f8 f2 f2 f2 f8 f2
  0x007ffc3d9580: f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2
  0x007ffc3d9600: f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f2 f2 f2 f8 f3
  0x007ffc3d9680: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x007ffc3d9700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x007ffc3d9780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==18709==ABORTING
```

@posts/VirusAnalysis /* new `execves` */
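
The lifetime bug the AddressSanitizer report above attributes to loop variable `x`, next to the iterator form the commit message switches to, as an added example (not code from this commit or from the SubStack project). `buildArgv`, `argvAliasesOwner` and `isExecutable` are hypothetical names, and the argument list is a constructed sample.

```cpp
#include <cstddef>
#include <string>
#include <vector>
#include <unistd.h> // access(), X_OK

// Hypothetical helper (not the project's execves()): builds a NULL-terminated
// argv whose pointers alias the strings owned by `args`.
// `args` must outlive the returned vector.
std::vector<char *> buildArgv(const std::vector<std::string> &args) {
	std::vector<char *> argv;
	argv.reserve(args.size() + 1);
	// Buggy form, the pattern reported as stack-use-after-scope:
	//   for(auto x : args) { argv.push_back(const_cast<char *>(x.c_str())); }
	// `x` is a per-iteration copy, so x.c_str() dangles once the iteration ends.
	for(auto x = args.begin(); args.end() != x; ++x) {
		// x->c_str() points into the element owned by `args`, not into a copy.
		argv.push_back(const_cast<char *>(x->c_str()));
	}
	argv.push_back(nullptr); // execve() expects a NULL terminator
	return argv;
}

// True if argv is NULL-terminated and every entry reuses the address of the
// owning string's buffer (same address, not just an equal value).
bool argvAliasesOwner(const std::vector<char *> &argv, const std::vector<std::string> &args) {
	if(argv.size() != args.size() + 1 || nullptr != argv.back()) { return false; }
	for(std::size_t i = 0; args.size() > i; ++i) {
		if(argv[i] != args[i].c_str()) { return false; }
	}
	return true;
}

// Precondition from the commit message: argv[0] must be executable, not merely exist.
bool isExecutable(const std::vector<std::string> &args) {
	return !args.empty() && -1 != access(args[0].c_str(), X_OK);
}

int main() {
	const std::vector<std::string> args = {"/bin/sh", "-c", "exit 0"}; // constructed sample
	const std::vector<char *> argv = buildArgv(args);
	return argvAliasesOwner(argv, args) ? 0 : 1;
}
```

`for(const auto &x : args)` avoids the copy as well; either way the pointers stay valid only while `args` is alive and unmodified.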