From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sergos@tarantool.org>
Received: from smtp56.i.mail.ru (smtp56.i.mail.ru [217.69.128.36])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 18B0C469719
 for <tarantool-patches@dev.tarantool.org>;
 Fri, 23 Oct 2020 18:13:39 +0300 (MSK)
From: Sergey Ostanevich <sergos@tarantool.org>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Message-Id: <FBB23D13-1A0D-4C92-918A-EB2995E2CB17@tarantool.org>
Date: Fri, 23 Oct 2020 18:13:38 +0300
Subject: [Tarantool-patches] [PATCH] core: fix static_alloc buffer overflow
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
To: tarantool-patches@dev.tarantool.org
Cc: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>

Static buffer overflow in thread local pool causes random fails on OSX
platform. This was caused by an incorrect use of the allocator result:
the snprintf returns the full size of the formatted string, rather the
number of bytes written.

Fixes #5312

Branch: =
https://github.com/tarantool/tarantool/tree/sergos/gh-5312-crash-in-libeio=

Issue: https://github.com/tarantool/tarantool/issues/5312

---
src/lib/core/sio.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/core/sio.c b/src/lib/core/sio.c
index 97a512eee..44f952c7c 100644
--- a/src/lib/core/sio.c
+++ b/src/lib/core/sio.c
@@ -53,15 +53,15 @@ sio_socketname(int fd)
      int save_errno =3D errno;
      int name_size =3D 2 * SERVICE_NAME_MAXLEN;
      char *name =3D static_alloc(name_size);
-       int n =3D snprintf(name, name_size, "fd %d", fd);
+       int n =3D MIN(snprintf(name, name_size, "fd %d", fd), =
name_size);
      if (fd >=3D 0) {
              struct sockaddr_storage addr;
              socklen_t addrlen =3D sizeof(addr);
              int rc =3D getsockname(fd, (struct sockaddr *) &addr, =
&addrlen);
              if (rc =3D=3D 0) {
-                       n +=3D snprintf(name + n, name_size - n, ", aka =
%s",
+                       n +=3D MIN(snprintf(name + n, name_size - n, ", =
aka %s",
                              sio_strfaddr((struct sockaddr *)&addr,
-                                                               =
addrlen));
+                                                addrlen)), name_size - =
n);
              }
              addrlen =3D sizeof(addr);
              rc =3D getpeername(fd, (struct sockaddr *) &addr, =
&addrlen);
--=20
2.24.3 (Apple Git-128)