[Tarantool-patches] [PATCH] core: fix static_alloc buffer overflow

Vladislav Shpilevoy v.shpilevoy at tarantool.org
Tue Nov 3 00:43:02 MSK 2020


On 02.11.2020 22:18, Cyrill Gorcunov wrote:
> On Mon, Nov 02, 2020 at 10:09:29PM +0100, Vladislav Shpilevoy wrote:
>>> Thanks for the investigation! My bad, I used MIN as a function with
>>> semantics of all arguments calculated before call. You're right - in case
>>> of define it can cause a double call.
>>>
>>> The SNPRINT although leaves some questions to me: in case 'written' is
>>> greater than or equal to 'size', it forces '_buf' to be set to NULL. But in the
>>> sio_socketname_to_buffer() there's no check for NULL between the calls.
>>> A call to snprintf() delivers a segfault, at least for Mac.
>>
>> Woops, SNPRINT is used a lot in the code. If it is true, we need to fix SNPRINT.
> 
> Guys, I didn't follow the details of the series but thought of some
> helper like below. Will it help?

In some places yes. But SNPRINT is used not only with snprintf.

It also is used with vsnprintf, mp_snprint, vy_run_snprint_filename,
tuple_snprint, say_format_plain_tail, json_escape, strftime, and probably
more. So it would be better to fix SNPRINT, to cover all its usage
cases.
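The two hazards raised in this thread, a MIN macro evaluating its arguments twice and a chained-snprintf helper handing a NULL buffer to the next call once the output is full, can both be avoided by a plain function that keeps counting the required length but always passes a valid pointer and a real size. The helper below is an added illustration written for this message, not Tarantool's SNPRINT or any code from the series; `snprint_append` and `format_endpoint` are hypothetical names.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical bounded-append helper (not Tarantool's SNPRINT).
 * `total` is how many bytes earlier calls wanted to write, in snprintf
 * terms, so it may already exceed `size`. Returns the updated total, or
 * -1 once any step fails. A function, not a macro, so arguments are
 * evaluated exactly once; when the buffer is full it measures into a
 * real 1-byte scratch buffer instead of passing NULL to vsnprintf.
 */
static int
snprint_append(char *buf, size_t size, int total, const char *fmt, ...)
{
    char scratch[1];
    char *dst;
    size_t room;
    if (total < 0)
        return -1; /* propagate an earlier formatting error */
    if (buf != NULL && size > 0 && (size_t)total < size) {
        dst = buf + total;
        room = size - (size_t)total; /* >= 1, so the NUL always fits */
    } else {
        dst = scratch; /* full (or no buffer): count only */
        room = sizeof(scratch);
    }
    va_list ap;
    va_start(ap, fmt);
    int rc = vsnprintf(dst, room, fmt, ap);
    va_end(ap);
    if (rc < 0)
        return -1;
    return total + rc;
}

/* Chained use in the style of a socket-name printer: "host:port". */
static int
format_endpoint(char *buf, size_t size, const char *host, int port)
{
    int total = 0;
    total = snprint_append(buf, size, total, "%s", host);
    total = snprint_append(buf, size, total, ":%d", port);
    return total; /* full length needed, even if truncated */
}

int main(void)
{
    char buf[8]; /* deliberately too small for "localhost:3301" */
    int n = format_endpoint(buf, sizeof(buf), "localhost", 3301);
    printf("needed %d bytes, got \"%s\"\n", n, buf);
    return 0;
}
```

The return value follows snprintf's convention, so a caller can compare it against `size` to detect truncation without ever touching memory past the buffer.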

