Created attachment 1281999 [details] patch / fix Description of problem: Testing the lvm command line tool with address sanitizer uncovers an invalid memory read happening in the function copy_line.c Version-Release number of selected component (if applicable): LVM2.2.02.171 How reproducible: always Steps to Reproduce: 1. compile LVM2 with address sanitizer 2. run tools/lvm 3. see error Actual results: ASAN reports global buffer overflow Expected results: Tool starts normally. Additional info: This is the affected code in the function copy_line(): while (1) { line[i] = _command_input[p]; i++; p++; if (_command_input[p] == '\n') { p++; break; } if (i == (max_line - 1)) break; } This will read until a newline and then exit the loop. However the calling function define_commands() assumes a trailing newline in the returned string to mark the end of the string. It will also use a check of the form if (line[0] == '\n') to check whether we're at the end of parsing the command string. This obviously only works if the newline byte is also copied by copy_line, which it isn't. A possible solution is to switch the increasing of the i and p variables and the check for the newline byte in copy_line, thus making sure that it's only checked after the newline character is already copied: while (1) { line[i] = _command_input[p]; if (_command_input[p] == '\n') { p++; break; } i++; p++; if (i == (max_line - 1)) break; } I'll attach a patch to do this.
Created attachment 1282002 [details] address sanitizer error / stack trace
thanks, will put this in soon, there seems to be no actual problem since \n isn't actually needed in practice.
There's recently been a new version of lvm2, yet this has been ignored since I reported it. Anything I can do so you'll actually review this and commit it? It's a pretty straightforward bug and fix.
The patch appears to cause a segfault /bin/sh: line 1: 15696 Segmentation fault ../tools/man-generator --primary lvmconfig > test.gen
Is this the same error? ``` # lvm lvm> version LVM version: 2.03.24(2) (2024-05-16) Library version: 1.02.198 (2024-05-16) Driver version: 4.48.0 Configuration: ./configure CONFIG_SHELL=/bin/bash --prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc --localstatedir=/var --enable-cmdlib --enable-dmeventd --enable-lvmpolld --enable-pkgconfig --enable-readline --enable-udev_rules --enable-udev_sync --enable-write_install --with-cache=internal --with-default-dm-run-dir=/run --with-default-locking-dir=/run/lock/lvm --with-default-pid-dir=/run --with-default-run-dir=/run/lvm --with-libexecdir=/usr/lib/lvm2 --with-systemdsystemunitdir=no --with-thin=internal --with-udev-prefix=/usr lvm> help foo foo - (null) fish: Job 1, 'lvm' terminated by signal SIGSEGV (Address boundary error) ```