[Tarantool-patches] [PATCH] core: fix static_alloc buffer overflow

Sergey Ostanevich sergos at tarantool.org
Fri Oct 23 18:13:38 MSK 2020


Static buffer overflow in thread local pool causes random fails on OSX
platform. This was caused by an incorrect use of the allocator result:
the snprintf returns the full size of the formatted string, rather the
number of bytes written.

Fixes #5312

Branch: https://github.com/tarantool/tarantool/tree/sergos/gh-5312-crash-in-libeio
Issue: https://github.com/tarantool/tarantool/issues/5312

---
src/lib/core/sio.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/core/sio.c b/src/lib/core/sio.c
index 97a512eee..44f952c7c 100644
--- a/src/lib/core/sio.c
+++ b/src/lib/core/sio.c
@@ -53,15 +53,15 @@ sio_socketname(int fd)
      int save_errno = errno;
      int name_size = 2 * SERVICE_NAME_MAXLEN;
      char *name = static_alloc(name_size);
-       int n = snprintf(name, name_size, "fd %d", fd);
+       int n = MIN(snprintf(name, name_size, "fd %d", fd), name_size);
      if (fd >= 0) {
              struct sockaddr_storage addr;
              socklen_t addrlen = sizeof(addr);
              int rc = getsockname(fd, (struct sockaddr *) &addr, &addrlen);
              if (rc == 0) {
-                       n += snprintf(name + n, name_size - n, ", aka %s",
+                       n += MIN(snprintf(name + n, name_size - n, ", aka %s",
                              sio_strfaddr((struct sockaddr *)&addr,
-                                                               addrlen));
+                                                addrlen)), name_size - n);
              }
              addrlen = sizeof(addr);
              rc = getpeername(fd, (struct sockaddr *) &addr, &addrlen);
-- 
2.24.3 (Apple Git-128)



More information about the Tarantool-patches mailing list