GNU bug report logs - #6149
24.0.50; shell buffer overflow when input longer than 4096 bytes

Previous Next

Full log

View this message in rfc822 format

From: Spencer Baugh <sbaugh <at> janestreet.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 6149 <at> debbugs.gnu.org, Dmitry Gutov <dmitry <at> gutov.dev>, Paul Eggert <eggert <at> cs.ucla.edu>, monnier <at> iro.umontreal.ca, jidanni <at> jidanni.org
Subject: bug#6149: bug#24531: process-send-string seems to truncate lines over 4096 characters
Date: Thu, 27 Jul 2023 09:59:53 -0400

Eli Zaretskii <eliz <at> gnu.org> writes:
>> Date: Thu, 27 Jul 2023 04:48:18 +0300
>> Cc: 24531 <at> debbugs.gnu.org, 6149 <at> debbugs.gnu.org,
>>  Stefan Monnier <monnier <at> iro.umontreal.ca>, jidanni <at> jidanni.org
>> From: Dmitry Gutov <dmitry <at> gutov.dev>
>> 
>> If some syscall or etc limits the length of a string to 4096, can't we 
>> detect this case, split the string and emit said call multiple times?
>> 
>> This function's docstring already mentions the case of
>> 
>>    If STRING is larger than the input buffer of the process, ...
>>    it is sent in several bunches

Alas it's far more cursed than that.  The length of a *line* is limited
to 4096 characters.  So regardless of how big or small your buffers for
writing are, if you write more than 4095 characters before writing a
newline, the remaining characters will be discarded.  There is no way to
prevent this with ptys.

So even if we wrote one character at a time, characters would start
getting dropped after writing 4095 non-newline characters.

>
> AFAIU, that is based on the errno value returned by a 'write' call
> which attempts to write too many bytes (see the would_block function).
> I guess writes to PTYs don't do that?

Writes to PTYs do tell us when the data has been truncated.  There's
just nothing we can do with that information.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.