#45 PThreads::getThreadId() has a buffer overflow bug

None
closed-fixed
nobody
None
5
2016-10-26
2016-08-29
No

The temporary buffer in PThreads::getThreadId is only 16 bytes (i.e. can store up to about 2^49 as a decimal string), but pthread_self is an unsigned long, and on sparc64 a typical value is 0xfff8000100ca9910, which overflows the buffer (18444492278204111120 is 21 digits). The simple "solution" would of course be to bump up the buffer size (and use snprintf rather than the abomination that is sprintf...), but it seems nicer to let asprintf allocate the right size. The attached patch switched to asprintf.

1 Attachments

Discussion

  • Alexander Perepelkin

    Thanks for the report.
    Slightly changed patch will be applied in the next release.
    Stack will be used when it has enough space for the string, otherwise memory will be allocated via asprintf.

     
  • Alexander Perepelkin

    • status: open --> closed-fixed
    • Group: -->
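
The approach described in the discussion (stack buffer when the string fits, allocation otherwise), as an added example that is not the project's code or the attached patch. `format_thread_id` and its `used_heap` parameter are hypothetical names, the id is taken as an `unsigned long long`, and `snprintf` with an exactly sized allocation stands in for `asprintf` as a portable equivalent.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical helper (not the project's code): formats a thread id as a
// decimal string, using the stack when it fits and the heap otherwise.
std::string format_thread_id(unsigned long long id, bool* used_heap = nullptr) {
    char stack_buf[16];  // same size as the buffer named in the report

    // snprintf never writes more than sizeof stack_buf bytes and returns the
    // length the full string needs (without the NUL), so truncation that
    // sprintf would turn into an overflow is detectable here.
    int needed = std::snprintf(stack_buf, sizeof stack_buf, "%llu", id);
    if (needed < 0) {
        if (used_heap) *used_heap = false;
        return std::string();  // output error reported by snprintf
    }

    const std::size_t len = static_cast<std::size_t>(needed);
    const bool fits = len < sizeof stack_buf;  // room for digits plus NUL
    if (used_heap) *used_heap = !fits;
    if (fits) return std::string(stack_buf, len);

    // Too long for the stack buffer: allocate exactly len + 1 bytes and
    // format again (the job asprintf does in a single call).
    std::vector<char> heap_buf(len + 1);
    std::snprintf(heap_buf.data(), heap_buf.size(), "%llu", id);
    return std::string(heap_buf.data(), len);
}

int main() {
    // The sparc64 value quoted in the report, plus a small constructed id.
    const unsigned long long samples[] = {0xfff8000100ca9910ULL, 12345ULL};
    for (unsigned long long id : samples) {
        bool heap = false;
        std::string s = format_thread_id(id, &heap);
        std::printf("%s (%zu chars, %s)\n", s.c_str(), s.size(),
                    heap ? "heap" : "stack");
    }
    return 0;
}
```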
     
