[ https://issues.apache.org/jira/browse/DISPATCH-1566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036477#comment-17036477 ]
ASF GitHub Bot commented on DISPATCH-1566: ------------------------------------------ kgiusti commented on pull request #679: DISPATCH-1566: fix safe_snptrintf URL: https://github.com/apache/qpid-dispatch/pull/679#discussion_r379086687 ########## File path: src/router_core/terminus.c ########## @@ -75,24 +76,34 @@ void qdr_terminus_free(qdr_terminus_t *term) free_qdr_terminus_t(term); } - // DISPATCH-1461: snprintf() is evil - it returns >= size on overflow. This // wrapper will never return >= size, even if truncated. This makes it safe to // do pointer & length arithmetic without overflowing the destination buffer in // qdr_terminus_format() // -static inline int safe_snprintf(char *str, size_t size, const char *format, ...) -{ +size_t safe_snprintf(char *str, size_t size, const char *format, ...) { + // max size allowed must be INT_MAX (since vsnprintf reutrns an int) + if (size == 0 || size > INT_MAX) { + //TODO log a warning somewhere? + return 0; + } + int max_possible_return_value = (int)(size - 1); va_list ap; va_start(ap, format); int rc = vsnprintf(str, size, format, ap); va_end(ap); - if (size && rc >= size) - return size - 1; // return actual # of bytes written (excluding null) - return rc; -} + if (rc < 0) { // parsing error! + //TODO log a warning somewhere? + return 0; Review comment: Good idea checking for rc < 0. I'd suggest terminating the string before returning zero however since it may be unterminated. Example if (rc < 0) { if (size > 0 && str) *str = 0; return 0; } ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > safe_snpritf is not safe. > ------------------------- > > Key: DISPATCH-1566 > URL: https://issues.apache.org/jira/browse/DISPATCH-1566 > Project: Qpid Dispatch > Issue Type: Bug > Components: Router Node > Affects Versions: 1.10.0 > Reporter: Nicolas > Priority: Major > Fix For: 1.11.0 > > Original Estimate: 168h > Remaining Estimate: 168h > > {{/* **************************************** */}} > {{static inline int safe_snprintf(char *str, size_t size, const char *format, > ...)}} > {{{ .... }}{{}}} > This function fails for size = 0, and ... inside it calls vsnprintf, without > considering that in case of error vsnprintf returns a negative number. > PR in progress. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org