[SCM] Samba Shared Repository - branch master updated

Mon, 21 Feb 2022 16:18:20 -0800 

The branch, master has been updated
       via  a2590298b03 util: CID 1499409:  Memory - corruptions  
(OVERLAPPING_COPY)
      from  521e1195640 autobuild: Rewrite the symbol checking

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a2590298b035404d507fac1ea0e11dcd88a939fa
Author: Martin Schwenke <mar...@meltin.net>
Date:   Fri Feb 18 12:02:50 2022 +1100

    util: CID 1499409:  Memory - corruptions  (OVERLAPPING_COPY)
    
    This is quite bizarre:
    
    *** CID 1499409:  Memory - corruptions  (OVERLAPPING_COPY)
    /lib/util/debug.c: 1742 in dbghdrclass()
    1736                                         sizeof(tvbuf.buf),
    1737                                         "%ld seconds since the Epoch", 
(long)t);
    1738                        }
    1739                }
    1740
    1741                ensure_hostname();
    >>>     CID 1499409:  Memory - corruptions  (OVERLAPPING_COPY)
    >>>     In the call to function "snprintf", the object pointed to by 
argument "state.hostname" may overlap with the object pointed to by argument 
"state.header_str".
    1742                state.hs_len = snprintf(state.header_str,
    1743                                        sizeof(state.header_str),
    1744                                        "%s %s %s[%u]: ",
    1745                                        tvbuf.buf,
    1746                                        state.hostname,
    1747                                        state.prog_name,
    
    Coverity doesn't explicitly say so but the only way this can happen is
    if state.hostname is not NUL-terminated within its declared length.
    ensure_hostname() and debug_set_hostname() ensure NUL-termination, but
    the caching effect of ensure_hostname() probably stops Coverity from
    being certain about anything.
    
    Try making Coverity happy by using a precision to limit the number of
    characters from hostname that can be used.
    
    Signed-off-by: Martin Schwenke <mar...@meltin.net>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    
    Autobuild-User(master): Martin Schwenke <mart...@samba.org>
    Autobuild-Date(master): Tue Feb 22 00:17:12 UTC 2022 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 lib/util/debug.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/debug.c b/lib/util/debug.c
index 784357e9370..4143cb6058a 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1741,8 +1741,9 @@ bool dbghdrclass(int level, int cls, const char 
*location, const char *func)
                ensure_hostname();
                state.hs_len = snprintf(state.header_str,
                                        sizeof(state.header_str),
-                                       "%s %s %s[%u]: ",
+                                       "%s %.*s %s[%u]: ",
                                        tvbuf.buf,
+                                       (int)(sizeof(state.hostname) - 1),
                                        state.hostname,
                                        state.prog_name,
                                        (unsigned int) getpid());


-- 
Samba Shared Repository

Reply via email to