https://bugs.winehq.org/show_bug.cgi?id=57691
Bug ID: 57691
Summary: wine-mono: ASan gets triggered in mono_path_canonicalize with strcpy-param-overlap.
Product: Wine
Version: 10.0-rc6
Hardware: x86-64
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: mscoree
Assignee: wine-bugs@winehq.org
Reporter: bernhardu@mailbox.org
Distribution: ---
Created attachment 77881 --> https://bugs.winehq.org/attachment.cgi?id=77881 asan_2025-01-18_17-11-19_.1748
Hello, I tried building Wine with ASan (PE side) enabled [1] and tried running the Wine conformance tests on this build.
One place where ASan gets triggered is in mono\mono\utils\mono-path.c [2]:

    90 if (dest != lastpos) strcpy (dest, lastpos);

    ERROR: AddressSanitizer: strcpy-param-overlap

A few lines above (line 74), the possibility of the strings overlapping is mentioned and a memmove is used.
Attached file contains the full output of one ASan event.
Would it be valuable to replace the `strcpy (dest, lastpos);` with a `memmove (dest, lastpos, strlen(lastpos) + 1)`?
[1] https://gitlab.winehq.org/bernhardu/wine/-/blob/asan-pe_2024-12-29/README.md
[2] https://gitlab.winehq.org/mono/mono/-/blame/main/mono/utils/mono-path.c#L90
Bernhard Übelacker bernhardu@mailbox.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, source
       Distribution|---                         |Debian
Esme Povirk madewokherd@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |madewokherd@gmail.com
--- Comment #1 from Esme Povirk madewokherd@gmail.com ---
Yep, strcpy is documented as undefined behavior if the strings overlap; we should change that to memmove.
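
The overlap discussed in this report, as an added example that is not part of the bug thread and is not mono's code: an in-place path cleanup that shifts the tail of a string left over itself, using the `memmove (dest, lastpos, strlen(lastpos) + 1)` form proposed above. The helper names `copy_would_overlap`, `shift_tail` and `drop_dot_segments` are hypothetical, and the sample path is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the condition behind a strcpy-param-overlap report: the source
 * string (including its NUL) and the destination range of the same size
 * intersect. Both pointers must point into the same buffer. */
static int copy_would_overlap(const char *dest, const char *src)
{
    size_t n = strlen(src) + 1;
    return dest < src + n && src < dest + n;
}

/* Overlap-safe replacement for strcpy(dest, src) inside one buffer:
 * memmove is defined for overlapping ranges, strcpy is not. */
static void shift_tail(char *dest, const char *src)
{
    if (dest != src)
        memmove(dest, src, strlen(src) + 1);
}

/* Hypothetical helper (not mono_path_canonicalize): collapse "//" and
 * "/./" in place. Each removal copies the tail onto an earlier position
 * in the same string, so source and destination overlap.
 * A trailing "/." is left untouched to keep the example short. */
static char *drop_dot_segments(char *path)
{
    char *p = path;
    while (*p) {
        if (p[0] == '/' && p[1] == '/')
            shift_tail(p, p + 1);      /* "//"  -> "/" */
        else if (p[0] == '/' && p[1] == '.' && p[2] == '/')
            shift_tail(p, p + 2);      /* "/./" -> "/" */
        else
            p++;
    }
    return path;
}

int main(void)
{
    char path[32] = "/a/./b//c";       /* constructed sample input */
    /* The first shift moves "/b//c" two bytes left: ranges intersect. */
    printf("overlap: %d\n", copy_would_overlap(path + 2, path + 4));
    printf("result:  %s\n", drop_dot_segments(path));
    return 0;
}
```

Building the same code with `strcpy` in `shift_tail` and running it under ASan is a quick way to confirm the sanitizer flags the pattern before the fix and stays silent after it.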