[jira] [Commented] (DISPATCH-1566) safe_snpritf is not safe.

Thu, 13 Feb 2020 12:10:13 -0800 


    [ 
https://issues.apache.org/jira/browse/DISPATCH-1566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036477#comment-17036477
 ] 

ASF GitHub Bot commented on DISPATCH-1566:
------------------------------------------

kgiusti commented on pull request #679: DISPATCH-1566: fix safe_snptrintf
URL: https://github.com/apache/qpid-dispatch/pull/679#discussion_r379086687
 
 

 ##########
 File path: src/router_core/terminus.c
 ##########
 @@ -75,24 +76,34 @@ void qdr_terminus_free(qdr_terminus_t *term)
     free_qdr_terminus_t(term);
 }
 
-
 // DISPATCH-1461: snprintf() is evil - it returns >= size on overflow.  This
 // wrapper will never return >= size, even if truncated.  This makes it safe to
 // do pointer & length arithmetic without overflowing the destination buffer in
 // qdr_terminus_format()
 //
-static inline int safe_snprintf(char *str, size_t size, const char *format, 
...)
-{
+size_t safe_snprintf(char *str, size_t size, const char *format, ...) {
+    // max size allowed must be INT_MAX (since vsnprintf reutrns an int)
+    if (size == 0 || size > INT_MAX) {
+        //TODO log a warning somewhere?
+        return 0;
+    }
+    int max_possible_return_value = (int)(size - 1);
     va_list ap;
     va_start(ap, format);
     int rc = vsnprintf(str, size, format, ap);
     va_end(ap);
 
-    if (size && rc >= size)
-        return size - 1;  // return actual # of bytes written (excluding null)
-    return rc;
-}
+    if (rc < 0) { // parsing error!
+        //TODO log a warning somewhere?
+        return 0;
 
 Review comment:
   Good idea checking for rc < 0.  I'd suggest terminating the string before 
returning zero however since it may be unterminated.  Example
       if (rc < 0) {
          if (size > 0 && str) *str = 0;
          return 0;
   }
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> safe_snpritf is not safe.
> -------------------------
>
>                 Key: DISPATCH-1566
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1566
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Router Node
>    Affects Versions: 1.10.0
>            Reporter: Nicolas
>            Priority: Major
>             Fix For: 1.11.0
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> {{/* **************************************** */}}
> {{static inline int safe_snprintf(char *str, size_t size, const char *format, 
> ...)}}
> {{{ .... }}{{}}}
> This function fails for size = 0, and ... inside it calls vsnprintf, without 
> considering that in case of error vsnprintf returns a negative number.
> PR in progress.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to