Conversation

@ShangzhiXu ShangzhiXu commented Dec 25, 2025

Hi team,

Regarding #793: I designed a new buffer to avoid the usage of the original argc and argv.

More details in the second commit:
Fix stack overflow in dlt-convert

It works on my machine to prevent the overflow.

Before fix:

root@server:/home/shangzhi/fuz/fix/dlt-daemon/build-asan# ./poc.sh
[*] Flooding directory with 5000 files...
AddressSanitizer:DEADLYSIGNAL
=================================================================
==519997==ERROR: AddressSanitizer: stack-overflow on address 0x7ffda4b00000 (pc 0x556e521f9720 bp 0x7ffda4afeae0 sp 0x7ffda4afb820 T0)
    #0 0x556e521f9720 in main /home/shangzhi/fuz/fix/dlt-daemon/src/console/dlt-convert.c:409
    #1 0x7fe9c8e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #2 0x7fe9c8e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #3 0x556e521f7704 in _start (/home/shangzhi/fuz/fix/dlt-daemon/build-asan/src/console/dlt-convert+0x3704)

SUMMARY: AddressSanitizer: stack-overflow /home/shangzhi/fuz/fix/dlt-daemon/src/console/dlt-convert.c:409 in main
==519997==ABORTING

After fix:

root@server:/home/shangzhi/fuz/fix/dlt-daemon/build-asan# ./poc.sh
[*] Flooding directory with 5000 files...

@ShangzhiXu ShangzhiXu closed this Dec 25, 2025
@ShangzhiXu ShangzhiXu reopened this Dec 25, 2025
Collaborator

@minminlittleshrimp minminlittleshrimp left a comment

@ShangzhiXu
Hello,
Your approach seems fine and makes sense to me. I shall take time reproducing your finding (threat), and if things are fine then we can merge this patch.

These kinds of findings are very nice in terms of secure coding; we now not just make things run, but make them run safely!

@ShangzhiXu ShangzhiXu closed this Dec 26, 2025
@ShangzhiXu ShangzhiXu deleted the fix-stackoob branch December 26, 2025 07:58