Change Details

this commit removes the code that was changing argv values, and replaces it with a new array. Which is absolutly fine, as the argv / argc values are never accessed later on. Only the copies that have been passed to efl_main or elm_main. This resolves several issues: 1. the for loop is useless, it is only possible that opt_args is 1 less than argc, which means, this for loop will only print a inf, and thats it. Which is not really helpfull 2. The memcpy here is super dangerous, the dest array is not garanteed to have the same size as argv[0], this only works if the client application name is shorter than the name "exactness_recorder" 3. The memset here is absolutly wrong. There is again no garantee that the array has the expected size behind that, this was constantly overwriting the segment after the place where argv was stored, which was lukely enough on fedora always the environs, which deleted the couple first segments. (This was not causing any fuzz, since they have been sudo related env vars on the docker image). However, on arch this just crashed right away. On Ubuntu this overwrote DISPLAY, which resulted in the unability to launch the app.

this commit removes the code that was changing argv values, and replaces it with a new array. Which is absolutly fine, as the argv / argc values are never accessed later on. Only the copies that have been passed to efl_main or elm_main. This resolves several issues: 1. the for loop is useless, every single array element that gets initialized with it, is some offset from argv[0] this may also crash when argv[i] - argv[opt_args] is bigger strlen argv[0]. 2. The memcpy here is super dangerous, the dest array is not garanteed to have the same size as argv[0], this only works if the client application name is shorter than the name "exactness_recorder" 3. The memset here is absolutly wrong. There is again no garantee that the array has the expected size behind that, this was constantly overwriting the segment after the place where argv was stored, which was lukely enough on fedora always the environs, which deleted the couple first segments. (This was not causing any fuzz, since they have been sudo related env vars on the docker image). However, on arch this just crashed right away. On Ubuntu this overwrote DISPLAY, which resulted in the unability to launch the app.

this commit removes the code that was changing argv values, and replaces it with a new array. Which is absolutly fine, as the argv / argc values are never accessed later on. Only the copies that have been passed to efl_main or elm_main. This resolves several issues: 1. the for loop is useless, it is only possible that opt_args is 1 lessevery single array element that gets than argc, which means, this for loop will only print a infinitialized with it, andis some offset from argv[0] this may also crash thats it. Whichwhen argv[i] - argv[opt_args] is not really helpfullbigger strlen argv[0]. 2. The memcpy here is super dangerous, the dest array is not garanteed to have the same size as argv[0], this only works if the client application name is shorter than the name "exactness_recorder" 3. The memset here is absolutly wrong. There is again no garantee that the array has the expected size behind that, this was constantly overwriting the segment after the place where argv was stored, which was lukely enough on fedora always the environs, which deleted the couple first segments. (This was not causing any fuzz, since they have been sudo related env vars on the docker image). However, on arch this just crashed right away. On Ubuntu this overwrote DISPLAY, which resulted in the unability to launch the app.