fix: add bounds check for /proc/[pid]/stat fields in fillFromTIDStat#2076
Merged
shirou merged 1 commit intoshirou:masterfrom Apr 18, 2026
Merged
Conversation
fillFromTIDStatWithContext accesses fields up to index 22 without bounds checking. This causes an index-out-of-range panic when /proc/[pid]/stat has fewer than 23 fields, which can happen in container environments or with non-standard kernels. The function already guards fields[42] with a length check but is missing the same protection for lower-indexed fields. Fixes shirou#2070
shirou
approved these changes
Apr 14, 2026
Owner
shirou
left a comment
shirou
left a comment
There was a problem hiding this comment.
LGTM. Minimal and correct fix — the < 23 threshold matches the highest low-index access (fields[22]), and the early return prevents the panic cleanly.
Thanks for the fix!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #2070
Problem
fillFromTIDStatWithContextaccessesfields[4],fields[7],fields[14],fields[15],fields[18], andfields[22]without bounds checking. This causes an index-out-of-range panic when/proc/[pid]/stathas fewer than 23 fields.The function already guards
fields[42]at line 1073:But the same protection is missing for the lower-indexed fields.
Fix
Add an early bounds check:
This complements the fix in #1995 which added a similar check in a different code path.