From: <sv...@va...> - 2013-01-29 04:25:57
florian 2013-01-29 04:25:45 +0000 (Tue, 29 Jan 2013)
New Revision: 13274
Log:
Fix a buffer overflow in VG_(assert_fail).
Patch by Matthias Schwarzott (zz...@ge...) with some minor mods.
Fixes BZ 313811
Modified files:
trunk/NEWS
trunk/coregrind/m_libcassert.c
Modified: trunk/coregrind/m_libcassert.c (+8 -2)
===================================================================
--- trunk/coregrind/m_libcassert.c 2013-01-29 03:57:40 +00:00 (rev 13273)
+++ trunk/coregrind/m_libcassert.c 2013-01-29 04:25:45 +00:00 (rev 13274)
@@ -271,9 +271,10 @@
Int line, const HChar* fn, const HChar* format, ... )
{
va_list vargs;
- HChar buf[256];
+ HChar buf[512];
const HChar* component;
const HChar* bugs_to;
+ UInt written;
static Bool entered = False;
if (entered)
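Review bot: The new size in `HChar buf[512];` is still an arbitrary bound, and nothing at the declaration says what happens when the formatted assertion message is longer than that. Since the second hunk switches to a size-bounded write, a short comment here would record the intent, e.g. `/* Longer messages are truncated, not overflowed; see the size check after VG_(vsnprintf). */`. The function's signature and the rest of its body lie outside this hunk.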
@@ -281,9 +282,14 @@
entered = True;
va_start(vargs, format);
- VG_(vsprintf) ( buf, format, vargs );
+ written = VG_(vsnprintf) ( buf, sizeof(buf), format, vargs );
va_end(vargs);
+ if (written >= sizeof(buf)) {
+ VG_(printf)("\nvalgrind: %s: buf is too small, sizeof(buf) = %u, "
+ "written = %d\n", __func__, (unsigned)sizeof(buf), written);
+ }
+
if (isCore) {
component = "valgrind";
bugs_to = VG_BUGS_TO;
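Review bot: The truncation warning prints `written`, which the first hunk declares as `UInt`, with `%d`; the specifier should match the unsigned type, `"written = %u\n", __func__, (unsigned)sizeof(buf), written);`. The test `written >= sizeof(buf)` also depends on what VG_(vsnprintf) returns when output is cut short, which is not visible in this diff: if it returns the would-be length the message is informative, but if it caps at the buffer size `written` will always print as 512, so a one-line comment stating the return contract would help. After the warning the function carries on with the truncated `buf`, which seems intended for a failure path but is worth saying in that comment. The enclosing function starts before and continues after this hunk.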
Modified: trunk/NEWS (+1 -0)
===================================================================
--- trunk/NEWS 2013-01-29 03:57:40 +00:00 (rev 13273)
+++ trunk/NEWS 2013-01-29 04:25:45 +00:00 (rev 13274)
@@ -85,6 +85,7 @@
310931 [390] s390x: Message-security assist (MSA) instruction extension not implemented
312913 [390] Dangling pointers error should also report the alloc stack trace
312980 [390] Building on Mountain Lion generates some compiler warnings
+313811 [390] Buffer overflow in assert_fail
n-i-bz [390] report error for vgdb snapshot requested before execution
n-i-bz [390] Some wrong command line options could be ignored
n-i-bz [390] same as 303624 (fixed in 3.8.0), but for x86 android