bug#36279: 26.2.90; (process-attributes nonexistent-pid) segmentation fault

[Robert Pluim]

>>>>> On Tue, 18 Jun 2019 20:14:31 +0200, Robert Pluim <rpluim@gmail.com> said:

>>>>> On Tue, 18 Jun 2019 21:06:31 +0300, Eli Zaretskii <eliz@gnu.org> said:
    >>> From: Robert Pluim <rpluim@gmail.com>
    >>> Cc: xuchunyang <mail@xuchunyang.me>,  36279@debbugs.gnu.org,  
npostavs@gmail.com
    >>> Date: Tue, 18 Jun 2019 19:53:06 +0200
    >>> 
    >>> list_system_processes (on macOS and FreeBSD) and
    >>> system_process_attributes(on FreeBSD) potentially have similar issues
    >>> with sysctl. Would you like a defensive patch for those?

    Eli> Yes, I think so.

    Robert> OK, sometime tomorrow (and perhaps for 'get_boot_time' in filelock.c
    Robert> as well)

I think I got all the ChangeLog syntax right. Patch against emacs-26
attached, not yet pushed.

>From a70ac9f644660a16fa871a9f6933c1344ffae083 Mon Sep 17 00:00:00 2001
From: Robert Pluim <rpluim@gmail.com>
Date: Wed, 19 Jun 2019 08:52:50 +0200
Subject: [PATCH] Check length returned by sysctl
To: emacs-devel@gnu.org

sysctl sometimes returns successfully even when it returns no data,
such as when querying non-existent processes, which can cause crashes.
Check for this condition by validating the length of the returned
data.  (Bug#36279)

* src/sysdep.c (list_system_processes) [DARWIN_OS || __FreeBSD__]:
(system_process_attributes) [__FreeBSD__]:
(system_process_attributes) [DARWIN_OS]:
* src/filelock.c (get_boot_time) [CTL_KERN && KERN_BOOTTIME]: Check
length of data returned by sysctl.
---
 src/filelock.c |  3 +--
 src/sysdep.c   | 10 +++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/filelock.c b/src/filelock.c
index 81d98f36fa..0865450936 100644
--- a/src/filelock.c
+++ b/src/filelock.c
@@ -151,8 +151,7 @@ get_boot_time (void)
     mib[0] = CTL_KERN;
     mib[1] = KERN_BOOTTIME;
     size = sizeof (boottime_val);
-
-    if (sysctl (mib, 2, &boottime_val, &size, NULL, 0) >= 0)
+    if (sysctl (mib, 2, &boottime_val, &size, NULL, 0) >= 0 && size != 0)
       {
        boot_time = boottime_val.tv_sec;
        return boot_time;
diff --git a/src/sysdep.c b/src/sysdep.c
index 1e35e06b63..b2aecc0dda 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -3014,11 +3014,11 @@ list_system_processes (void)
 
   Lisp_Object proclist = Qnil;
 
-  if (sysctl (mib, 3, NULL, &len, NULL, 0) != 0)
+  if (sysctl (mib, 3, NULL, &len, NULL, 0) != 0 || len == 0)
     return proclist;
 
   procs = xmalloc (len);
-  if (sysctl (mib, 3, procs, &len, NULL, 0) != 0)
+  if (sysctl (mib, 3, procs, &len, NULL, 0) != 0 || len == 0)
     {
       xfree (procs);
       return proclist;
@@ -3618,7 +3618,7 @@ system_process_attributes (Lisp_Object pid)
   CONS_TO_INTEGER (pid, int, proc_id);
   mib[3] = proc_id;
 
-  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
+  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
     return attrs;
 
   attrs = Fcons (Fcons (Qeuid, make_fixnum_or_float (proc.ki_uid)), attrs);
@@ -3740,7 +3740,7 @@ system_process_attributes (Lisp_Object pid)
 
   mib[2] = KERN_PROC_ARGS;
   len = MAXPATHLEN;
-  if (sysctl (mib, 4, args, &len, NULL, 0) == 0)
+  if (sysctl (mib, 4, args, &len, NULL, 0) == 0 && len != 0)
     {
       int i;
       for (i = 0; i < len; i++)
@@ -3798,7 +3798,7 @@ system_process_attributes (Lisp_Object pid)
   CONS_TO_INTEGER (pid, int, proc_id);
   mib[3] = proc_id;
 
-  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0)
+  if (sysctl (mib, 4, &proc, &proclen, NULL, 0) != 0 || proclen == 0)
     return attrs;
 
   uid = proc.kp_eproc.e_ucred.cr_uid;
-- 
2.21.0.419.gffac537e6c