[Bug 57691] New: wine-mono: ASan gets triggered in mono_path_canonicalize with strcpy-param-overlap.
https://bugs.winehq.org/show_bug.cgi?id=57691

            Bug ID: 57691
           Summary: wine-mono: ASan gets triggered in mono_path_canonicalize
                    with strcpy-param-overlap.
           Product: Wine
           Version: 10.0-rc6
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: mscoree
          Assignee: wine-bugs(a)winehq.org
          Reporter: bernhardu(a)mailbox.org
      Distribution: ---

Created attachment 77881
  --> https://bugs.winehq.org/attachment.cgi?id=77881
asan_2025-01-18_17-11-19_.1748

Hello,
I tried getting wine being built with ASan (PE side) enabled. [1]
And tried running on this build the wine conformance tests.

One place where ASan gets triggered is in mono\mono\utils\mono-path.c [2]:

90 if (dest != lastpos) strcpy (dest, lastpos);

ERROR: AddressSanitizer: strcpy-param-overlap

A few lines above (line 74) there is the possibility of the strings overlapping mentioned and a memmove used.

Attached file contains the full output of one ASan event.

Would it be valuable to replace the `strcpy (dest, lastpos);` by a `memmove (dest, lastpos, strlen(lastpos) + 1)`?

[1] https://gitlab.winehq.org/bernhardu/wine/-/blob/asan-pe_2024-12-29/README.md
[2] https://gitlab.winehq.org/mono/mono/-/blame/main/mono/utils/mono-path.c#L90

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=57691

Bernhard Übelacker <bernhardu(a)mailbox.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, source
       Distribution|---                         |Debian

https://bugs.winehq.org/show_bug.cgi?id=57691

Esme Povirk <madewokherd(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |madewokherd(a)gmail.com

--- Comment #1 from Esme Povirk <madewokherd(a)gmail.com> ---
Yep, strcpy is documented as undefined behavior if the strings overlap, we should change that to memmove.
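
An added illustration, not part of the bug report or of Mono's source: an in-place path cleanup that shifts the tail of a buffer onto an earlier position in the same buffer, which is the overlapping-copy situation discussed above, together with a check for the overlap condition ASan reports. The function names `strcpy_would_overlap`, `shift_tail` and `drop_dot_segments` and the sample path are constructed for this example; only the `memmove (dest, src, strlen(src) + 1)` form comes from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 when strcpy(dest, src) would copy between
 * overlapping ranges, the condition ASan reports as strcpy-param-overlap. */
static int strcpy_would_overlap(const char *dest, const char *src)
{
    size_t n = strlen(src) + 1;              /* bytes strcpy would write */
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;
    return d < s + n && s < d + n;
}

/* Overlap-safe tail shift, using the memmove form proposed in the report. */
static char *shift_tail(char *dest, const char *src)
{
    if (dest != src)
        memmove(dest, src, strlen(src) + 1); /* +1 copies the terminator */
    return dest;
}

/* Hypothetical in-place cleanup that drops "/./" segments; every shift moves
 * the tail of the buffer onto an earlier position in the same buffer. */
static char *drop_dot_segments(char *path)
{
    char *p = path;
    while ((p = strstr(p, "/./")) != NULL)
        shift_tail(p, p + 2);
    return path;
}

int main(void)
{
    char path[] = "/a/./b/./c";              /* constructed sample input */
    printf("overlap: %d\n", strcpy_would_overlap(path + 2, path + 4));
    printf("result:  %s\n", drop_dot_segments(path));
    return 0;
}
```

Building this with `-fsanitize=address` and swapping the `memmove` call for `strcpy (dest, src)` is a quick way to see the same class of report on a small case.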

http://bugs.winehq.org/show_bug.cgi?id=57691

--- Comment #2 from Bernhard Übelacker <bernhardu(a)mailbox.org> ---
Submitted merge request:
https://gitlab.winehq.org/mono/mono/-/merge_requests/151

http://bugs.winehq.org/show_bug.cgi?id=57691

LingM <lingm+winebz(a)posteo.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lingm+winebz(a)posteo.org

--- Comment #3 from LingM <lingm+winebz(a)posteo.org> ---
That MR has since been merged. Should be fixed?

http://bugs.winehq.org/show_bug.cgi?id=57691

--- Comment #4 from Bernhard Übelacker <bernhardu(a)mailbox.org> ---
(In reply to LingM from comment #3)
> That MR has since been merged. Should be fixed?

It got committed in Framework Mono [1]. But I fear current wine git still uses Wine Mono 10.2.0 [2], which still imports a Framework Mono before that commit [3].

From a wine perspective I planned to resolve this bug when the next Wine Mono release gets used by Wine?

[1] https://gitlab.winehq.org/mono/mono/-/commit/dee6acaeb59e46661efd4ca2018cdd1...
[2] https://gitlab.winehq.org/wine/wine/-/blob/master/dlls/appwiz.cpl/addons.c#L...
[3] https://gitlab.winehq.org/mono/wine-mono/-/commits/wine-mono-10.2.0?ref_type...

http://bugs.winehq.org/show_bug.cgi?id=57691

--- Comment #5 from LingM <lingm+winebz(a)posteo.org> ---
Right, different repos. Sorry for the noise.

http://bugs.winehq.org/show_bug.cgi?id=57691

Bernhard Übelacker <bernhardu(a)mailbox.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
      Fixed by SHA1|                            |d76b59d5c021ea5da49d1e1430c
                   |                            |1d33bee874418
         Resolution|---                         |FIXED

--- Comment #6 from Bernhard Übelacker <bernhardu(a)mailbox.org> ---
The mono modification should now get used after wine-mono switching to 10.3.0, therefore marking as resolved-fixed.

http://bugs.winehq.org/show_bug.cgi?id=57691

Alexandre Julliard <julliard(a)winehq.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 10.17.