From: Celeste Liu <coelacanthushex@gmail.com>
To: Bluez <linux-bluetooth@vger.kernel.org>
Cc: Celeste Liu <CoelacanthusHex@gmail.com>
Subject: [PATCH] monitor: fix buffer overflow when terminal width > 255
Date: Sat, 14 Sep 2024 22:09:43 +0800 [thread overview]
Message-ID: <20240914-fix-log-buffer-overflow-v1-1-733cb4fff673@gmail.com> (raw)
In current code, we create line buffer with size 256, which can contains
255 ASCII characters. But in modern system, terminal can have larger
width. It may cause buffer overflow in snprintf() text.
We need allocate line buffer with size which can contains one line in
terminal. The size should be difficult to calculate because of multibyte
characters, but our code using line buffer assumed all characters has
1 byte size (e.g. when we put packet text into line buffer via
snprintf(), we calculate max size by 1B * col.), so it's safe to
allocate line buffer with col + 1.
Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
---
monitor/packet.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monitor/packet.c b/monitor/packet.c
index c2599fe6864ab44d657c121fcc3ceecc1ebc52a6..3a21909116b341f782bcaf47c0cb3b880cb3a288 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -376,7 +376,8 @@ static void print_packet(struct timeval *tv, struct ucred *cred, char ident,
const char *text, const char *extra)
{
int col = num_columns();
- char line[256], ts_str[96], pid_str[140];
+ char ts_str[96], pid_str[140];
+ char *line = (char *) malloc(sizeof(char) * col + 1);
int n, ts_len = 0, ts_pos = 0, len = 0, pos = 0;
static size_t last_frame;
---
base-commit: 41f943630d9a03c40e95057b2ac3d96470b9c71e
change-id: 20240914-fix-log-buffer-overflow-9aa5e61ee5b8
Best regards,
--
Celeste Liu <CoelacanthusHex@gmail.com>
next reply other threads:[~2024-09-14 14:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-14 14:09 Celeste Liu [this message]
2024-09-14 16:02 ` monitor: fix buffer overflow when terminal width > 255 bluez.test.bot
2024-09-14 16:12 ` Celeste Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240914-fix-log-buffer-overflow-v1-1-733cb4fff673@gmail.com \
--to=coelacanthushex@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox