From: "vihai (Daniele Orlandi)" Date: 2021-10-21T13:34:32+00:00 Subject: [ruby-core:105734] [Ruby master Bug#18255] ioctl zeroes the last buffer byte Issue #18255 has been updated by vihai (Daniele Orlandi). nobu (Nobuyoshi Nakada) wrote in #note-3: > Found the bug. > Does this patch fix it? Here I am. Apparently it doesn't. I dug a bit deeper and I found that there are two issues that concur to this behavior: * `ioctl_narg_len` isn't properly extracting the buffer size from the ioctl number and defaults to `DEFULT_IOCTL_NARG_LEN` * When the original buffer is bigger than `DEFULT_IOCTL_NARG_LEN` it is not expanded to make room to the sentinel byte which is then overwrote with the string terminator. The first issue is caused by `` not defining `_IOC_SIZE`, ruby falls back to `DEFULT_IOCTL_NARG_LEN`. I guess you have to detect and include `` or ``. The second may be patched like this: ```diff --- io.c +++ io.c.patched @@ -9823,7 +9823,11 @@ rb_str_resize(arg, len+1); MEMZERO(RSTRING_PTR(arg)+slen, char, len-slen); slen = len+1; + } else { + rb_str_resize(arg, slen+1); + slen++; } + /* a little sanity check here */ ptr = RSTRING_PTR(arg); ptr[slen - 1] = 17; ``` Lastly I guess that DEFULT is spelled incorrectly :) ---------------------------------------- Bug #18255: ioctl zeroes the last buffer byte https://bugs.ruby-lang.org/issues/18255#change-94233 * Author: vihai (Daniele Orlandi) * Status: Open * Priority: Normal * Backport: 2.6: REQUIRED, 2.7: REQUIRED, 3.0: REQUIRED ---------------------------------------- Hello, I'm running ruby 2.7.4p191 on an armv7 linux and experimenting with GPIO_GET_LINEHANDLE_IOCTL ioctl. The ioctl sanity check is triggered as if the buffer was too small however the size of the buffer passed to ioctl is correct. ``` io.rb:116:in `ioctl': return value overflowed string (ArgumentError) ``` If I append at least one byte to the buffer the ioctl does not raise an exception. It seems that the last byte of the buffer is zeroed: ``` puts "SIZE=#{req.bytesize}" req = req + "XXXXXXXXXX".b puts req.unpack("H*") fd.ioctl(GPIO_GET_LINEHANDLE_IOCTL, req) puts req.unpack("H*") ``` ``` SIZE=364 [...]0000000000000058585858585858585858 [...]0000000600000058585858585858585800 ``` I checked with a C program and the ioctl does not actually touch the buffer beyond the expected 364 bytes. The ioctl number does encode 364 as size: ``` #include #include void main() { printf("SIZE=%d", _IOC_SIZE(GPIO_GET_LINEHANDLE_IOCTL)); } ``` ``` SIZE=364 ``` -- https://bugs.ruby-lang.org/ Unsubscribe: