bryancall opened a new pull request, #12723: URL: https://github.com/apache/trafficserver/pull/12723
## Description

This PR fixes a potential buffer overflow in the http_load tool caused by improper handling of snprintf return values.

## Problem

The snprintf function returns the number of characters that **would have been written** if the buffer was large enough, not the number actually written. When the buffer is too small, the return value can exceed available space, causing `hdr_bytes` and `req_bytes` to increment beyond the buffer boundary, leading to out-of-bounds writes on subsequent snprintf calls.

## Solution

Check each snprintf return value and only increment the offset if:

1. The return value is positive (no error)
2. The return value is less than the remaining buffer space

## Testing

Built and tested with AddressSanitizer (ASAN):

**BEFORE fix:** ASAN detected stack-buffer-overflow at line 663 when using large headers (~2200 bytes in 2048-byte buffer)

**AFTER fix:** No ASAN errors, buffer overflow prevented while maintaining correct header transmission for normal-sized headers

See test results: /tmp/http_load_test/TEST_RESULTS.md

## Changes

- Added proper return value checking to all snprintf calls that use += pattern in read_url_file()
- Applied to 10 instances across header buffer (hdr_buf) and request buffer (req_buf) building

Fixes #11839
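The return-value check described in the pull request, as an added example that is not code from the PR or from http_load. The helper names `unchecked_offset` and `append_fmt`, the 32-byte buffer and the header values are constructed for illustration; the unchecked pattern is run for a single call only, so it shows the inflated offset without writing out of bounds.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Unchecked "+=" pattern, run for ONE call only so nothing is written out of
 * bounds: returns the offset the caller would carry into the next call. */
static size_t unchecked_offset(char *buf, size_t cap, const char *value)
{
    size_t off = 0;
    off += (size_t)snprintf(buf + off, cap - off, "X-Test: %s\r\n", value);
    return off; /* may exceed cap: snprintf reports the untruncated length */
}

/* Checked append: advance *off only when the output fit completely.
 * Returns 0 on success, -1 on encoding error or truncation. */
static int append_fmt(char *buf, size_t cap, size_t *off, const char *fmt, ...)
{
    if (*off >= cap)
        return -1;
    size_t room = cap - *off;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *off, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        buf[*off] = '\0'; /* drop the partial write, keep earlier content */
        return -1;
    }
    *off += (size_t)n;
    return 0;
}

/* Constructed demo: a 32-byte buffer and a 40-character header value. */
static int demo(void)
{
    char buf[32], big[41];
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';

    size_t bad = unchecked_offset(buf, sizeof(buf), big); /* 50 > 32 */

    size_t off = 0;
    int ok = append_fmt(buf, sizeof(buf), &off, "Host: %s\r\n", "example.test");
    int rej = append_fmt(buf, sizeof(buf), &off, "X-Test: %s\r\n", big);
    printf("unchecked offset=%zu, checked offset=%zu, ok=%d, rejected=%d\n", bad, off, ok, rej);
    return (bad > sizeof(buf) && ok == 0 && rej == -1 && off == 20) ? 0 : 1;
}

int main(void) { return demo(); }
```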
