From 65cc1afbe8d65e388ffd670f8e7a8e785960550c Mon Sep 17 00:00:00 2001
From: UserGreen
Date: Fri, 19 Jun 2026 23:40:09 +0300
Subject: [PATCH] Fix program_invocation_short_name when argv[0] has no '/'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

my_program_invocation_short_name (and my___progname) were computed as strrchr(box64->argv[0], '/') + 1. When argv[0] contains no '/', strrchr returns NULL, and NULL + 1 yields (char*)1 — an invalid pointer. Guest code that reads program_invocation_short_name / __progname then dereferences it and crashes (e.g. a std::string ctor doing strlen((char*)1)). This triggers when a process is exec'd with a bare argv[0] (no path), such as a renamed fork-server child, and shows up as a SIGSEGV in the forked child that does not reproduce when argv[0] is a path. Match glibc: with no '/', the short name is the whole argv[0].
Co-Authored-By: Claude Opus 4.8
---
 src/wrapped/wrappedlibc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/wrapped/wrappedlibc.c b/src/wrapped/wrappedlibc.c
index ea061e0850..0c2782f741 100644
--- a/src/wrapped/wrappedlibc.c
+++ b/src/wrapped/wrappedlibc.c
@@ -4926,7 +4926,7 @@ EXPORT char* secure_getenv(const char* name)
 my_environ = my__environ = my___environ = box64->envv; \
 my___progname_full = my_program_invocation_name = box64->argv[0]; \
 my___progname = my_program_invocation_short_name = \
- strrchr(box64->argv[0], '/') + 1; \
+ (strrchr(box64->argv[0], '/') ? strrchr(box64->argv[0], '/') + 1 : box64->argv[0]); \
 getMy(lib); \
 if(box64_isglibc234) \
 setNeededLibs(lib, NEEDED_LIBS_234); \
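Review bot: The replacement expression on the `my___progname` line still calls `strrchr(box64->argv[0], '/')` with no NULL check on `argv[0]`, so a process started with an empty argv would hit undefined behaviour here if box64 can leave `argv[0]` NULL (not visible in this hunk, worth confirming at the point where `box64->argv` is filled). It also scans the string twice; a single scan into a temporary reads more clearly, e.g. `char* slash = box64->argv[0] ? strrchr(box64->argv[0], '/') : NULL; \` followed by `my___progname = my_program_invocation_short_name = slash ? slash + 1 : box64->argv[0]; \`. The enclosing macro starts and ends outside the hunk, so whether a declaration is legal at this position and whether the name `slash` is free need checking against the full macro body. A short comment such as `/* like glibc: with no '/', the short name is all of argv[0] */` would keep the reason for the conditional next to the code.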