From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp56.i.mail.ru (smtp56.i.mail.ru [217.69.128.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 18B0C469719 for ; Fri, 23 Oct 2020 18:13:39 +0300 (MSK) From: Sergey Ostanevich Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Message-Id: Date: Fri, 23 Oct 2020 18:13:38 +0300 Subject: [Tarantool-patches] [PATCH] core: fix static_alloc buffer overflow List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: tarantool-patches@dev.tarantool.org Cc: Vladislav Shpilevoy Static buffer overflow in thread local pool causes random fails on OSX platform. This was caused by an incorrect use of the allocator result: the snprintf returns the full size of the formatted string, rather the number of bytes written. Fixes #5312 Branch: = https://github.com/tarantool/tarantool/tree/sergos/gh-5312-crash-in-libeio= Issue: https://github.com/tarantool/tarantool/issues/5312 --- src/lib/core/sio.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/core/sio.c b/src/lib/core/sio.c index 97a512eee..44f952c7c 100644 --- a/src/lib/core/sio.c +++ b/src/lib/core/sio.c @@ -53,15 +53,15 @@ sio_socketname(int fd) int save_errno =3D errno; int name_size =3D 2 * SERVICE_NAME_MAXLEN; char *name =3D static_alloc(name_size); - int n =3D snprintf(name, name_size, "fd %d", fd); + int n =3D MIN(snprintf(name, name_size, "fd %d", fd), = name_size); if (fd >=3D 0) { struct sockaddr_storage addr; socklen_t addrlen =3D sizeof(addr); int rc =3D getsockname(fd, (struct sockaddr *) &addr, = &addrlen); if (rc =3D=3D 0) { - n +=3D snprintf(name + n, name_size - n, ", aka = %s", + n +=3D MIN(snprintf(name + n, name_size - n, ", = aka %s", sio_strfaddr((struct sockaddr *)&addr, - = addrlen)); + addrlen)), name_size - = n); } addrlen =3D sizeof(addr); rc =3D getpeername(fd, (struct sockaddr *) &addr, = &addrlen); --=20 2.24.3 (Apple Git-128)