shell: harden path normalization to avoid crashes in writeo flows #8

Open
AMDRIP wants to merge 1 commit into POSIX-Implementation from codex/fix-red-screens-of-death-in-writeo-nlofin

@AMDRIP commented Mar 1, 2026

Motivation

  • Prevent stack/buffer overruns in the shell path resolver which can lead to kernel faults when interactive editors (writeo/writei) call resolve_path() with very deep or malformed paths.

Description

  • Added a guard in resolve_path() to stop accumulating parts once num_parts would exceed the parts[32][32] capacity to avoid writing past the local stack array.
  • Ensure overly-long path segments (longer than 31 chars) are fully skipped so the parser stays synchronized at the next / separator instead of leaving the cursor mid-segment.
  • Added output length checks when reconstructing the normalized path to keep writes inside the 256-byte output buffer.

Testing

  • Ran ./build.sh which initially failed due to execution permission on the script (Permission denied).
  • Ran bash ./build.sh which completed kernel compile and link steps (warnings only) but the final image creation step failed because mkfs.fat is not available in the environment, so no full image test was produced.

@chatgpt-codex-connector (bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 354aec4fe8

Comment on lines +117 to +121
if (num_parts >= 32) {
// Path is deeper than we can represent in the shell resolver.
// Skip the rest to avoid stack corruption.
while (curr < temp_len && temp[curr] != '/') curr++;
continue;
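
Review bot: The num_parts >= 32 branch silently drops every segment past the cap, so the caller gets back a shorter path than the one it asked for, with no indication that anything was discarded. If resolve_path() has a way to report failure, returning an error here is safer than continuing, since the writeo/writei flows named in the description would otherwise act on the truncated path. The literal 32 also repeats the first dimension of parts[32][32]; deriving it from the array (for example sizeof(parts) / sizeof(parts[0])) or from a shared constant keeps the guard correct if the array is ever resized.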

[P2] Keep processing .. once path depth reaches cap

When num_parts hits 32, this branch skips every remaining segment without inspecting its value, so later .. components are ignored instead of popping depth. In deep but valid paths like /a/.../z/../target (where the cap is reached before ..), resolve_path() now normalizes to the wrong directory and write flows can operate on an unintended path; this is a functional regression introduced by the new early continue.

@AMDRIP added the "bug" and "good first issue" labels and removed the "codex" label on Mar 1, 2026
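
An added illustration, not code from this pull request or the project: a bounded normalizer that uses the limits named in the description (32 parts, 31-character segments, a 256-byte output) but returns an error instead of skipping segments, so that .. is still honored at the depth cap. The function name normalize_path, the constant names and the absolute-path-only input are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define MAX_PARTS 32   /* mirrors the parts[32][32] array named in the PR */
#define MAX_SEG   32   /* 31 characters plus the terminating NUL */
#define OUT_SIZE  256  /* output buffer size named in the PR */

/* Hypothetical stand-in for resolve_path(), absolute paths only.
 * Returns 0 on success, -1 (with out set to "") if the path does not fit. */
int normalize_path(const char *in, char out[OUT_SIZE]) {
    char parts[MAX_PARTS][MAX_SEG];
    size_t num_parts = 0, i = 0, pos = 0, len = strlen(in);

    out[0] = '\0';
    while (i < len) {
        while (i < len && in[i] == '/') i++;      /* skip separators */
        size_t start = i;
        while (i < len && in[i] != '/') i++;      /* advance to segment end */
        size_t seg = i - start;
        if (seg == 0) break;                      /* only trailing slashes left */
        if (seg == 1 && in[start] == '.') continue;
        if (seg == 2 && in[start] == '.' && in[start + 1] == '.') {
            if (num_parts > 0) num_parts--;       /* ".." still pops at the cap */
            continue;
        }
        /* Reject instead of truncating: a shortened path is a different path. */
        if (seg >= MAX_SEG || num_parts >= MAX_PARTS) return -1;
        memcpy(parts[num_parts], in + start, seg);
        parts[num_parts++][seg] = '\0';
    }
    if (num_parts == 0) { out[0] = '/'; out[1] = '\0'; return 0; }
    for (size_t p = 0; p < num_parts; p++) {
        size_t seg = strlen(parts[p]);
        if (pos + 1 + seg + 1 > OUT_SIZE) {       /* '/' + segment + NUL must fit */
            out[0] = '\0';
            return -1;
        }
        out[pos++] = '/';
        memcpy(out + pos, parts[p], seg);
        pos += seg;
    }
    out[pos] = '\0';
    return 0;
}
```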