<p>Piggybacking off / extending @Chris Dodd's answer, consider that <code>system</code> itself looks (oversimplified on purpose) like this:</p>
<pre><code>#include &lt;sys/types.h&gt;
#include &lt;sys/wait.h&gt;
#include &lt;unistd.h&gt;

int system(char *cmd) {
    pid_t pid = fork();
    char *argv[4];
    extern char **environ;
    int status;

    if (pid == 0) { /* child */
        argv[0] = "sh";
        argv[1] = "-c";
        argv[2] = cmd;
        argv[3] = NULL;
        execve("/bin/sh", argv, environ);
        _exit(127);
    }
    if (pid &lt; 0)
        return -1;                       /* fork failed */
    /* parent: wait for the child and hand back its status */
    if (waitpid(pid, &amp;status, 0) &lt; 0)
        return -1;
    return status; /* as provided by sh -c, or from _exit(127) above */
}
</code></pre>
<p>Given "64 bit system" and "register appears to be lopped off at 32 bits" it might be worth doing an objdump on the code and seeing whether argv[2] is set from a register whose upper bits might be somehow lost during the <code>clone</code> call (where I have <code>fork</code> above, <code>glibc</code> is using <code>clone</code> for efficiency).</p>
<hr>
<p>Update: per the strace output, the clone call is not using <code>CLONE_VM</code> and <code>CLONE_VFORK</code> (not sure why not, these should make the call a lot more efficient) so the child is a "normal" child (a la old-Unix-style <code>fork</code>). A colleague suggested that perhaps the failing address is in a map that is set not to be copied into the child process. The contents of <code>/proc/self/maps</code> would be interesting after the failure; we could look at how the failing address is mapped. Comparing those maps with the ones in the child would be even more interesting. To get the ones in the child, though, you'll need to override the <code>glibc</code> version of <code>system</code>, and add something to read <code>/proc/self/maps</code> after the <code>execve</code> fails, before doing the <code>_exit</code>.</p>
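<p>The override suggested at the end of the answer, written out as an added example (this is not code from the answer or from glibc): a <code>system</code>-shaped replacement that copies the child's <code>/proc/self/maps</code> to stderr when <code>execve</code> fails. The function names and the shell-path parameter are my own, added so the failure path can be exercised.</p>

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Copy /proc/self/maps to stderr using only async-signal-safe calls,
 * since this runs in the forked child between fork() and exec(). */
static void dump_child_maps(void)
{
    char buf[4096];
    ssize_t n;
    int fd = open("/proc/self/maps", O_RDONLY);
    if (fd < 0)
        return;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        (void)write(STDERR_FILENO, buf, (size_t)n);
    close(fd);
}

/* Same shape as the sketch above; the shell path is a parameter
 * (hypothetical helper) so the execve-failure path can be exercised. */
int traced_system_via(const char *shell, const char *cmd)
{
    char *argv[4] = { "sh", "-c", (char *)cmd, NULL };
    int status;
    pid_t pid;
    if (cmd == NULL)
        return 1;
    if ((pid = fork()) < 0)
        return -1;                     /* fork failed */
    if (pid == 0) {                    /* child */
        execve(shell, argv, environ);
        dump_child_maps();             /* execve failed: show the maps */
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return status;                     /* from sh -c, or 127 from above */
}

/* To interpose on glibc, rename this to system() and build it as a
 * shared object for LD_PRELOAD. */
int traced_system(const char *cmd)
{
    return traced_system_via("/bin/sh", cmd);
}
```

<p>Diffing the dump against the parent's <code>/proc/self/maps</code> shows which region the failing address lives in and whether it survived the <code>clone</code>.</p>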