Open
Description
Describe the bug
A kernel panic occurs in the sys_execve implementation when an invalid pointer (such as NULL, a wild pointer, or unmapped memory) is passed as the pathname argument. The code calls .unwrap() on the result of char_ptr_to_str(pathname), which causes the entire system to crash if the conversion fails.
    let path = char_ptr_to_str(pathname).unwrap();
To Reproduce
1. Compile the program and run.
    #include <unistd.h>
    #include <sys/types.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main() {
        // This PoC attempts to trigger the kernel panic in sys_execve
        // The panic occurs at line 30: let path = char_ptr_to_str(pathname).unwrap();
        // char_ptr_to_str returns None when the pointer is invalid, causing unwrap() to panic

        // Method 1: Pass NULL pointer (most likely to trigger)
        printf("Attempting execve with NULL pathname...\n");
        execve(NULL, NULL, NULL);

        // Method 2: Pass invalid pointer (if NULL is handled)
        printf("Attempting execve with invalid pathname...\n");
        execve((char*)0xdeadbeef, NULL, NULL);

        // Method 3: Pass pointer to unmapped memory
        printf("Attempting execve with unmapped memory...\n");
        execve((char*)0x100000000, NULL, NULL);

        // If we reach here, the panic wasn't triggered
        printf("Panic was not triggered - execve returned normally\n");
        return 0;
    }
2. features.txt
alloc
paging
net
multitask
irq
fs
Environment
Logs
SeaBIOS (version 1.16.3-debian-1.16.3-2)
iPXE (https://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+7EFCAA40+7EF0AA40 CA00
Booting from ROM..
Initialize IDT & GDT...
8888888b. .d88888b. .d8888b.
888 Y88b d88P" "Y88b d88P Y88b
888 888 888 888 Y88b.
888 d88P 888 888 888 888 888 888 "Y888b.
8888888P" 888 888 `Y8bd8P' 888 888 "Y88b.
888 T88b 888 888 X88K 888 888 "888
888 T88b Y88b 888 .d8""8b. Y88b. .d88P Y88b d88P
888 T88b "Y88888 888 888 "Y88888P" "Y8888P"
arch = x86_64
platform = x86_64-qemu-q35
target = x86_64-unknown-none
smp = 1
build_mode = debug
log_level = warn
[ 0.203606 0 axfs_ramfs::dir:68] AlreadyExists sys
Attempting execve with NULL pathname...
[ 0.204305 0:1 ruxruntime::lang_items:14] panicked at api/ruxos_posix_api/src/imp/execve/mod.rs:30:42:
called `Result::unwrap()` on an `Err` value: EFAULT
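
The `unwrap()` pattern from the report beside an error-propagating form, as an added example that is not part of the original issue or of the RuxOS code base. The `char_ptr_to_str` here is a hypothetical stand-in (the real function is not shown on the page), and `execve_unwrap`, `execve_checked` and the negative-errno return convention are assumptions.

```rust
use std::ffi::{c_char, CStr};

const EFAULT: i32 = 14; // Linux errno: bad address
const EINVAL: i32 = 22; // Linux errno: invalid argument

/// Hypothetical stand-in for char_ptr_to_str. Only NULL is rejected here;
/// a kernel must also verify that the whole string lies in mapped,
/// user-accessible memory before reading it.
fn char_ptr_to_str<'a>(p: *const c_char) -> Result<&'a str, i32> {
    if p.is_null() {
        return Err(EFAULT);
    }
    // SAFETY (assumption of this sketch): every non-null pointer passed in
    // the sample calls refers to a valid NUL-terminated string.
    unsafe { CStr::from_ptr(p) }.to_str().map_err(|_| EINVAL)
}

/// Reported pattern: unwrap() turns a bad user pointer into a panic,
/// which in a kernel takes the whole system down.
fn execve_unwrap(pathname: *const c_char) -> i32 {
    let path = char_ptr_to_str(pathname).unwrap();
    path.len() as i32 // placeholder for loading and running `path`
}

/// Hardened form: the conversion error is handed back to the calling
/// process as a negative errno instead of unwinding.
fn execve_checked(pathname: *const c_char) -> i32 {
    let path = match char_ptr_to_str(pathname) {
        Ok(p) => p,
        Err(errno) => return -errno,
    };
    path.len() as i32 // placeholder for loading and running `path`
}

fn main() {
    let good = b"/bin/sh\0"; // constructed sample pathname
    println!("valid path -> {}", execve_checked(good.as_ptr() as *const c_char));
    println!("NULL path  -> {}", execve_checked(std::ptr::null()));
    // The unwrap variant panics on the same NULL input.
    let r = std::panic::catch_unwind(|| execve_unwrap(std::ptr::null()));
    println!("unwrap variant panicked: {}", r.is_err());
}
```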