[Tarantool-patches] [PATCH] core: fix static_alloc buffer overflow
Sergey Ostanevich
sergos at tarantool.org
Fri Oct 23 18:13:38 MSK 2020
Static buffer overflow in thread local pool causes random fails on OSX
platform. This was caused by an incorrect use of the allocator result:
the snprintf returns the full size of the formatted string, rather the
number of bytes written.
Fixes #5312
Branch: https://github.com/tarantool/tarantool/tree/sergos/gh-5312-crash-in-libeio
Issue: https://github.com/tarantool/tarantool/issues/5312
---
src/lib/core/sio.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lib/core/sio.c b/src/lib/core/sio.c
index 97a512eee..44f952c7c 100644
--- a/src/lib/core/sio.c
+++ b/src/lib/core/sio.c
@@ -53,15 +53,15 @@ sio_socketname(int fd)
int save_errno = errno;
int name_size = 2 * SERVICE_NAME_MAXLEN;
char *name = static_alloc(name_size);
- int n = snprintf(name, name_size, "fd %d", fd);
+ int n = MIN(snprintf(name, name_size, "fd %d", fd), name_size);
if (fd >= 0) {
struct sockaddr_storage addr;
socklen_t addrlen = sizeof(addr);
int rc = getsockname(fd, (struct sockaddr *) &addr, &addrlen);
if (rc == 0) {
- n += snprintf(name + n, name_size - n, ", aka %s",
+ n += MIN(snprintf(name + n, name_size - n, ", aka %s",
sio_strfaddr((struct sockaddr *)&addr,
- addrlen));
+ addrlen)), name_size - n);
}
addrlen = sizeof(addr);
rc = getpeername(fd, (struct sockaddr *) &addr, &addrlen);
--
2.24.3 (Apple Git-128)
More information about the Tarantool-patches
mailing list