[jira] [Commented] (YARN-7455) quote_and_append_arg can overflow buffer

Thu, 30 Nov 2017 14:23:17 -0800 

    [ 
https://issues.apache.org/jira/browse/YARN-7455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16273582#comment-16273582
 ] 

Jason Lowe commented on YARN-7455:
----------------------------------

Thanks for the patch!

I'm wondering if it would be easier to maintain if we leveraged snprintf() to 
do the size calculations.  snprintf has a very useful return value that shows 
how many characters (without the terminating NUL) are needed for the output, so 
we can use it to query how much we need.  For example:
{code}
  const char* format = "%s'%s' ";
  size_t append_size = snprintf(NULL, 0, format, param, tmp);
  append_size += 1; // for the terminating NUL
  size_t len_str = strlen(*str);
  size_t new_size = len_str + append_size;
  [...]
  char *cur_ptr = *str + len_str;
  sprintf(cur_ptr, format, param, tmp);
{code}

The advantage is that we don't have to manually manage the separate strlen 
calculations for param, arg, extra_chars, etc.  Not a must-fix, just a 
suggestion.

Nit: {{+ NULL}} should be {{+ NUL}} (NUL character vs. NULL pointer)

Nit: The code can just adjust new_size by the growth amount and use that to 
both call realloc and assign to {{*size}} so we don't have to remember to 
compute it twice.  As a bonus we then no longer have to track 
QUOTE_AND_APPEND_ARG_GROWTH in a separate variable.

Why is the following necessary?  sprintf will always terminate the string.
{code}
  (*str)[new_size - 1] = '\0';
{code}
 
Great work on the unit tests!


> quote_and_append_arg can overflow buffer
> ----------------------------------------
>
>                 Key: YARN-7455
>                 URL: https://issues.apache.org/jira/browse/YARN-7455
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.9.0, 3.0.0
>            Reporter: Jason Lowe
>            Assignee: Jim Brennan
>         Attachments: YARN-7455.001.patch, YARN-7455.002.patch
>
>
> While reviewing YARN-7197 I noticed that add_mounts in docker_util.c has a 
> potential buffer overflow since tmp_buffer is only 1024 bytes which may not 
> be sufficient to hold the specified mount path.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to