readlink(2) returns incorrect size for /proc/self/exe
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Expired
|
Undecided
|
Unassigned |
Bug Description
readlink(2) seems to ignore the size of supplied buffer for the resolved name and always returns the actual size of the resolved name instead.
Steps to reproduce:
```bash
echo '#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, const char** argv)
{
if(argc < 2) exit(1);
char buf[1];
printf("%d\n", readlink(argv[1], buf, sizeof(buf)));
}' >test.c
# I used GCC mipsel cross-compiler to reproduce this bug
mipsel-
echo "PWD: `pwd`"
qemu-mipsel ./a.out /proc/self/exe
```
Expected output (observed when running a.out natively on Linux 4.17 amd64):
```
PWD: /tmp/test
1
```
Output observed when running with qemu-mipsel 2.1.2:
```
PWD: /tmp/test
15
```
According to POSIX description of readlink [1], the function shall return the number of bytes written to the supplied buffer, which obviously cannot exceed size of the buffer.
Note that the bug is only reproduced with links within /proc filesystem; links to the regular files within /home are resolved normally.
The bug is present in qemu-mipsel 2.1.2:
# qemu-mipsel -version
qemu-mipsel version 2.1.2 (Debian 1:2.1+dfsg-
[1]: http://
summary: |
- readlink(2) returns invalid size for /proc/self/exe + readlink(2) returns incorrect size for /proc/self/exe |
Changed in qemu: | |
status: | Incomplete → New |
The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Or mark it as "Fix Released" if the problem has been solved with a newer version of QEMU already. Thank you and sorry for the inconvenience.