https://bugs.winehq.org/show_bug.cgi?id=57691
Bug ID: 57691
Summary: wine-mono: ASan gets triggered in mono_path_canonicalize with strcpy-param-overlap.
Product: Wine
Version: 10.0-rc6
Hardware: x86-64
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: mscoree
Assignee: wine-bugs@winehq.org
Reporter: bernhardu@mailbox.org
Distribution: ---
Created attachment 77881 --> https://bugs.winehq.org/attachment.cgi?id=77881 asan_2025-01-18_17-11-19_.1748
Hello, I tried getting wine built with ASan (PE side) enabled [1] and tried running the wine conformance tests on this build.
One place where ASan gets triggered is in mono\mono\utils\mono-path.c [2]:

    90 if (dest != lastpos) strcpy (dest, lastpos);
ERROR: AddressSanitizer: strcpy-param-overlap
A few lines above (line 74) the possibility of the strings overlapping is mentioned and a memmove is used.
Attached file contains the full output of one ASan event.
Would it be valuable to replace the `strcpy (dest, lastpos);` by a `memmove (dest, lastpos, strlen(lastpos) + 1)`?
[1] https://gitlab.winehq.org/bernhardu/wine/-/blob/asan-pe_2024-12-29/README.md [2] https://gitlab.winehq.org/mono/mono/-/blame/main/mono/utils/mono-path.c#L90
Bernhard Übelacker bernhardu@mailbox.org changed:
What         |Removed |Added
Keywords     |        |download, source
Distribution |---     |Debian
Esme Povirk madewokherd@gmail.com changed:
What |Removed |Added
CC   |        |madewokherd@gmail.com
--- Comment #1 from Esme Povirk madewokherd@gmail.com --- Yep, strcpy is documented as undefined behavior if the strings overlap, we should change that to memmove.
--- Comment #2 from Bernhard Übelacker bernhardu@mailbox.org --- Submitted merge request: https://gitlab.winehq.org/mono/mono/-/merge_requests/151
LingM lingm+winebz@posteo.org changed:
What |Removed |Added
CC   |        |lingm+winebz@posteo.org
--- Comment #3 from LingM lingm+winebz@posteo.org --- That MR has since been merged. Should be fixed?
--- Comment #4 from Bernhard Übelacker bernhardu@mailbox.org --- (In reply to LingM from comment #3)
That MR has since been merged. Should be fixed?
It got committed in Framework Mono [1]. But I fear current wine git still uses Wine Mono 10.2.0 [2], which still imports a Framework Mono from before that commit [3].
From a wine perspective I planned to resolve this bug when the next Wine Mono release gets used by Wine?
[1] https://gitlab.winehq.org/mono/mono/-/commit/dee6acaeb59e46661efd4ca2018cdd1... [2] https://gitlab.winehq.org/wine/wine/-/blob/master/dlls/appwiz.cpl/addons.c#L... [3] https://gitlab.winehq.org/mono/wine-mono/-/commits/wine-mono-10.2.0?ref_type...
--- Comment #5 from LingM lingm+winebz@posteo.org --- Right, different repos. Sorry for the noise.
Bernhard Übelacker bernhardu@mailbox.org changed:
What          |Removed  |Added
Status        |NEW      |RESOLVED
Fixed by SHA1 |         |d76b59d5c021ea5da49d1e1430c1d33bee874418
Resolution    |---      |FIXED
--- Comment #6 from Bernhard Übelacker bernhardu@mailbox.org --- The mono modification should now get used after wine-mono switched to 10.3.0, therefore marking as resolved-fixed.
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
Status |RESOLVED |CLOSED
--- Comment #7 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 10.17.