emacs-devel

Re: building/using address-sanitizer-enabled emacs?


From: Eli Zaretskii
Subject: Re: building/using address-sanitizer-enabled emacs?
Date: Sat, 13 May 2017 11:02:38 +0300

> From: Philipp Stephani <address@hidden>
> Date: Wed, 10 May 2017 22:24:49 +0000
> Cc: address@hidden, address@hidden
> 
>  Please show the detailed analysis, as I looked into that once and
>  concluded that the code is correct.
> 
> The full report is
> 
> =================================================================
> ==31024==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff5fbfa690 at pc 0x0001003e6baf bp 0x7fff5fbfa4f0 sp 0x7fff5fbfa4e8
> READ of size 2 at 0x7fff5fbfa690 thread T0
> #0 0x1003e6bae in conv_sockaddr_to_lisp src/process.c:2497:34
> [...]
> The problem is here:
> 
> struct sockaddr_in sa1;
> socklen_t len1 = sizeof (sa1);
> if (getsockname (s, (struct sockaddr *)&sa1, &len1) == 0)
>   contact = Fplist_put (contact, QClocal,
>                         conv_sockaddr_to_lisp ((struct sockaddr *)&sa1, len1));
> 
> sockaddr_in is too small for IPv6 addresses, so getsockname doesn't fill it 
> out completely. But
> conv_sockaddr_to_lisp only looks at the address family and attempts to read 
> out the entire IPv6 address,
> reading past the sa1 variable memory. Thus this needs to be sockaddr_storage, 
> which is guaranteed to be
> large enough for all supported addresses.
> Probably there should also be an eassert(len1 <= sizeof sa1) after the call 
> to getsockname, just to make
> sure. 

Indeed, I believe you are right.
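Added example, not Emacs code and not from either poster: the fix described above in plain C. getsockname is called with a sockaddr_storage and the returned length is compared against the buffer (the check the suggested eassert would make), and the decoder verifies the length against the address family before it reads the family-specific fields, which is the read ASan flagged in conv_sockaddr_to_lisp. Function names and the constructed ::1 sample are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Decode SA into "ip:port" text.  The LEN checks are what the reported code
   lacked: a branch is entered only when LEN covers that family's struct.  */
int sockaddr_to_text(const struct sockaddr *sa, socklen_t len,
                     char *out, size_t outlen) {
    char ip[INET6_ADDRSTRLEN];
    if (len < sizeof (struct sockaddr)) return 0;   /* sa_family not readable */
    if (sa->sa_family == AF_INET && len >= sizeof (struct sockaddr_in)) {
        const struct sockaddr_in *in = (const struct sockaddr_in *) sa;
        inet_ntop(AF_INET, &in->sin_addr, ip, sizeof ip);
        snprintf(out, outlen, "%s:%u", ip, (unsigned) ntohs(in->sin_port));
        return 1;
    }
    if (sa->sa_family == AF_INET6 && len >= sizeof (struct sockaddr_in6)) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *) sa;
        inet_ntop(AF_INET6, &in6->sin6_addr, ip, sizeof ip);
        snprintf(out, outlen, "[%s]:%u", ip, (unsigned) ntohs(in6->sin6_port));
        return 1;
    }
    return 0;                                /* too short, or unknown family */
}

/* Local name of socket S, fetched into a sockaddr_storage (large enough for
   every supported family).  getsockname truncates silently and reports the
   untruncated size, so LEN > sizeof *SS means only a prefix was stored.
   Returns 0 on success, -1 on error or truncation.  */
int local_name(int s, struct sockaddr_storage *ss, socklen_t *len) {
    *len = sizeof *ss;
    if (getsockname(s, (struct sockaddr *) ss, len) != 0) return -1;
    return *len <= sizeof *ss ? 0 : -1;
}

/* Constructed sample (no live socket): ::1 port 8080 presented first with
   only sizeof (struct sockaddr_in) bytes, as in the report, then in full.
   Returns 1 if the short view is rejected and the full one decodes.  */
int demo_short_ipv6_buffer(void) {
    struct sockaddr_in6 a6 = {0};
    char txt[64];
    a6.sin6_family = AF_INET6;
    a6.sin6_addr = in6addr_loopback;
    a6.sin6_port = htons(8080);
    int rejected = !sockaddr_to_text((struct sockaddr *) &a6, sizeof (struct sockaddr_in), txt, sizeof txt);
    int ok = sockaddr_to_text((struct sockaddr *) &a6, sizeof a6, txt, sizeof txt);
    return rejected && ok && strcmp(txt, "[::1]:8080") == 0;
}
```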


