From: Daniel Palmer
To: w@1wt.eu, linux@weissschuh.net
Cc: linux-kernel@vger.kernel.org, Daniel Palmer
Subject: [PATCH] tools/nolibc: getopt: Fix potential out of bounds access
Date: Wed, 20 May 2026 20:19:31 +0900
Message-ID: <20260520111931.1027758-1-daniel@thingy.jp>

Running clang-tidy on a program that uses getopt() from nolibc
this warning appears:

    getopt.h:80:6: warning: Out of bound access to memory after the end of the string literal [clang-analyzer-security.ArrayBound]
       80 |         if (optstring[i] == ':') {

Claude was asked for a reproducer and the human fixed up version
looks like this:

    int main(int argc, char **argv, char **envp)
    {
        char arg[] = "-ab";
        char *_argv[] = { "prog", arg, NULL };
        char *optstring = "ab";

        int c = getopt(2, _argv, optstring);
        printf("call 1: '%c'\n", c);

        arg[2] = '\0';

        c = getopt(2, _argv, optstring);
        printf("call 2: '%c'\n", c);

        return 0;
    }

This looks like a very unlikely case that an argument inside of argv
is being changed between getopt() calls.

Claude suggests using `-fsanitize=address` to detect the issue but
that doesn't work for nolibc so let's do it manually with gdb:

    Breakpoint 1, getopt (argc=2, argv=0x7fffffffdb20, optstring=0x55555555c0ac "ab") at ./../cleantrees/linux-nolibc/tools/include/nolibc/getopt.h:80
    80              if (optstring[i] == ':') {
    (gdb) print i
    $2 = 3

The length of optstring is 3 and we are accessing the 4th byte.

Adding a check for d becoming 0 in the guard after the loop stops
getopt() getting far enough to access beyond the end of the array
and seems to correct the issue.

This probably isn't fixing a real world issue but it stops people
seeing the scary warning from clang-tidy.

Assisted-by: Claude:claude-4.6-sonnet # reproducer
Signed-off-by: Daniel Palmer
---
While testing the other things I am working on with nolibc I found this.
It doesn't look like it needs a name and its own website but seems
to be a valid bug.

tools/include/nolibc/getopt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/nolibc/getopt.h b/tools/include/nolibc/getopt.h index 87565e3b6a33..3ad140f692df 100644 --- a/tools/include/nolibc/getopt.h +++ b/tools/include/nolibc/getopt.h @@ -71,7 +71,7 @@ int getopt(int argc, char * const argv[], const char *opt= string) d =3D optstring[i++]; } while (d && d !=3D c); =20 - if (d !=3D c || c =3D=3D ':') { + if (!d || d !=3D c || c =3D=3D ':') { optopt =3D c; if (optstring[0] !=3D ':' && opterr) fprintf(stderr, "%s: unrecognized option: %c\n", argv[0], *optchar); --=20 2.53.0
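
Review bot: In the changed guard, `d != c` is redundant once `!d` is added. The loop above exits only on `!d` or `d == c`, so `d != c` can hold only when `d` is 0, which the new term already covers; `if (!d || c == ':')` is the same condition and makes it plain that a NUL-equals-NUL "match" is the case being rejected. A short comment that `c` can itself be NUL, so `d == c` does not prove the option was found in optstring, would keep the check from being simplified away later. In that case `optopt` is also set to 0 and the `%c` in the fprintf() is handed `*optchar`, so it is worth checking that the diagnostic does not write a NUL byte to stderr.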