From: Valdis.Kletnieks@vt.edu
To: Chase Douglas <chase.douglas@canonical.com>
Cc: Steven Rostedt <srostedt@redhat.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] trace-cmd: prevent print_graph_duration buffer overflow
Date: Sun, 13 Jun 2010 16:52:53 -0400 [thread overview]
Message-ID: <40245.1276462373@localhost> (raw)
In-Reply-To: Your message of "Sun, 13 Jun 2010 13:11:48 EDT." <1276449108-21328-2-git-send-email-chase.douglas@canonical.com>
[-- Attachment #1: Type: text/plain, Size: 735 bytes --]
On Sun, 13 Jun 2010 13:11:48 EDT, Chase Douglas said:
> Passing n > sizeof(string) to snprintf can cause a glibc buffer overflow
> condition. We know the exact size of nsecs_str, so use it instead of
> math that may overflow.
> /* Print nsecs (we don't want to exceed 7 numbers) */
> if ((s->len - len) < 7) {
> - snprintf(nsecs_str, 8 - (s->len - len), "%03lu", nsecs_rem);
> + snprintf(nsecs_str, sizeof(nsecs_str), "%03lu", nsecs_rem);
We only get into this code after we've checked that the length is under 7
characters. How much overflow can happen as long as the sizeof(nsecs_str) is a
sane size (like at least 8 chars)? Probably a better bet would be doing the
right thing and 'BUILD_BUG_ON(sizeof(nsecs_str) < 8);'?
[-- Attachment #2: Type: application/pgp-signature, Size: 227 bytes --]
next prev parent reply other threads:[~2010-06-13 20:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-13 17:11 [PATCH] trace-cmd: append to CFLAGS instead of being overriden Chase Douglas
2010-06-13 17:11 ` [PATCH] trace-cmd: prevent print_graph_duration buffer overflow Chase Douglas
2010-06-13 20:52 ` Valdis.Kletnieks [this message]
2010-06-13 21:01 ` Chase Douglas
2010-06-14 21:40 ` Valdis.Kletnieks
2010-06-15 0:16 ` Steven Rostedt
2010-06-15 12:49 ` Frederic Weisbecker
2010-06-15 13:04 ` Chase Douglas
2010-06-15 13:10 ` Frederic Weisbecker
2010-06-15 13:20 ` Chase Douglas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40245.1276462373@localhost \
--to=valdis.kletnieks@vt.edu \
--cc=chase.douglas@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=srostedt@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.