Fix stack-buffer-overflow errorsubmit/tizen_4.0/20180614.141622accepted/tizen/4.0/unified/20180614.230614

Lenghts in sscanf format string refer to actually read bytes, without
including space for null byte, E.g.:

  ...
  char buff[5+1];
  sscanf(other_buff, "%5s", buff);
  ...

Change-Id: I203e1bc04ba1e352029849e5bd29a7a6ca8a5763

1 files changed, 6 insertions, 1 deletions

diff --git a/src/crash-stack/crash-stack.c b/src/crash-stack/crash-stack.c
index bd1f157..d57ef0b 100644
--- a/src/crash-stack/crash-stack.c
+++ b/src/crash-stack/crash-stack.c
@@ -57,6 +57,8 @@
 #define STR_ANONY "[anony]"
 #define STR_ANONY_LEN 8
 
+#define STR_FS(length) "%"#length"s"
+
 static FILE *outputfile = NULL;		///< global output stream
 static FILE *errfile = NULL;		///< global error stream
 static FILE *bufferfile = NULL;		///< buffer file for ordering
@@ -645,7 +647,10 @@ static struct addr_node *get_addr_list_from_maps(int fd)
 	/* parsing the maps to get executable code address */
 	while (fgets_fd(linebuf, BUF_SIZE, fd) != NULL) {
 		memset(path, 0, PATH_MAX);
-		result = sscanf(linebuf, "%34s %5s %*s %*s %*s %256s ", addr, perm, path);
+		result = sscanf(linebuf, STR_FS(sizeof(addr)-1)
+				 STR_FS(sizeof(perm)-1)
+				 "%*s %*s %*s"
+				 STR_FS(sizeof(path)-1), addr, perm, path);
 		if (result < 0)
 			continue;
 		perm[PERM_LEN - 1] = 0;