1

Invalid read of size 8/ Syscall param execve(argv) points to unaddressable byte(s)

I spent the last few days lookin for the problem but I couldn't find it. the program is an attempt to create a simple shell. this is the error message that I'm getting:

> ==389== Invalid read of size 8
> ==389==    at 0x10B9C0: executor (shell.c:1696)
> ==389==    by 0x10BC3E: main (shell.c:1773)
> ==389==  Address 0x1ffefffad0 is on thread 1's stack
> ==389==  784 bytes below stack pointer
> ==389==
> ==389== Syscall param execve(argv) points to unaddressable byte(s)
> ==389==    at 0x49620FB: execve (syscall-template.S:120)
> ==389==    by 0x10BA0B: executor (shell.c:1702)
> ==389==    by 0x10BC3E: main (shell.c:1773)
> ==389==  Address 0x1ffefffad0 is on thread 1's stack
> ==389==  776 bytes below stack pointer

This is the executor function, I tried using gdb with valgrind and I managed to pinpoint exactly when the invalid read of size 8 occurs. it occurs at this line

pid_t pid = fork();

void executor(const CommandArgs *args)
{
    pid_t pid = fork();
    char *cmd_p;

    if (pid == -1)
    {
        perror("failed to fork");
        exit(EXIT_FAILURE);
    }
    else if (pid == 0)
    {
        cmd_p = pathfinder(args->data[0]);//line 1696
        if (cmd_p == NULL)
        {
            perror("Error");
            exit(EXIT_FAILURE);
        }
        execve(cmd_p, args->data, environ); //line 1702
        perror("execve");
        exit(EXIT_FAILURE);
    }
    else
    {
        wait(NULL);
    }
}

i think that the pathfinder function is the source of the problem so here it is

char* pathfinder(char* cmd)
{
    static char path[MAX_PATH_LEN];
    static char p_token[MAX_PATH_LEN];
    static char p_file[MAX_FILE_LEN];
    static char result[MAX_FILE_LEN];
    char *token, *path_ptr;
    struct stat buff;

    char* env_path = _getenv("PATH");
    if (env_path)
    {
        _strncpy(path, env_path, sizeof(path));
        path[sizeof(path) - 1] = '\0';

        path_ptr = path;
        token = _strtok_r(path_ptr, ":", &path_ptr);

        while (token != NULL)
        {
            _strncpy(p_token, token, sizeof(p_token));
            p_token[sizeof(p_token) - 1] = '\0';

            _strncpy(p_file, p_token, sizeof(p_file));
            p_file[sizeof(p_file) - 1] = '\0';

            _strncat(p_file, "/", sizeof(p_file) - _strlen(p_file) - 1);
            _strncat(p_file, cmd, sizeof(p_file) - _strlen(p_file) - 1);

            if (stat(p_file, &buff) == 0)
            {
                _strncpy(result, p_file, sizeof(result));
                result[sizeof(result) - 1] = '\0';
                return result;
            }

            token = strtok_r(path_ptr, ":", &path_ptr);
        }
    }

    if (stat(cmd, &buff) == 0)
    {
        _strncpy(result, cmd, sizeof(result));
        result[sizeof(result) - 1] = '\0';
        return result;
    }

    return NULL;
}

I hope someone helps me with more insight

Foggzie
  • 9,691
  • 1
  • 31
  • 48
Yeeloman
  • 11
  • 3
  • CPU? OS? Compiler and version? Valgrind version? – Paul Floyd May 23 '23 at 10:15
  • 2
    Show the definition `CommandArgs`. How are you filling data in it? Are you sure `args->data[0]` is pointing to some valid memory? – H.S. May 23 '23 at 10:55
  • typedef struct { char **data; int length; } CommandArgs; this is the definition, and yes im sure of that, args->data[0] its pointing to a valid memory if the input for example was ls if i do print args->data[0 ] it prints ls – Yeeloman May 23 '23 at 11:05
  • compiler gcc -Wall -Werror -Wextra -pedantic -std=gnu89 -g shell.c -o shell gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0 valgrind version valgrind-3.18.1 – Yeeloman May 23 '23 at 11:22
  • And which CPU is this on? – Paul Floyd May 23 '23 at 12:57
  • cpu Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz 1.99 GHz – Yeeloman May 23 '23 at 13:35
  • Why not replace `execve()` with `execvpe()` and let *it* do the path searching. – Andrew Henle May 23 '23 at 14:33
  • the assignment forbids us from using execvpe we are only allowed to use execve – Yeeloman May 23 '23 at 14:43
  • please add to the question the code that creates environ and args – pm100 May 23 '23 at 15:09
  • `> ==389== Address 0x1ffefffad0 is on thread 1's stack > ==389== 776 bytes below stack pointer` probably means `args->data[0]` points to a local variable in a function that has returned. – Andrew Henle May 23 '23 at 18:44

0 Answers0