diff options
author | Mateusz Moscicki <m.moscicki2@partner.samsung.com> | 2018-06-14 12:37:56 +0200 |
---|---|---|
committer | Mateusz Moscicki <m.moscicki2@partner.samsung.com> | 2018-06-14 13:05:53 +0200 |
commit | ebe02a214b92b1ab62ab041e3529f1296b0f5261 (patch) | |
tree | 651ff2a7baeab8e098a8760d681b2eb654d835dd | |
parent | a8bd950798da895f791cd89f4c907f533d2e9b15 (diff) | |
download | crash-worker-submit/tizen_4.0/20180614.141622.tar.gz crash-worker-submit/tizen_4.0/20180614.141622.tar.bz2 crash-worker-submit/tizen_4.0/20180614.141622.zip |
Fix stack-buffer-overflow errorsubmit/tizen_4.0/20180614.141622accepted/tizen/4.0/unified/20180614.230614
Lenghts in sscanf format string refer to actually read bytes, without
including space for null byte, E.g.:
...
char buff[5+1];
sscanf(other_buff, "%5s", buff);
...
Change-Id: I203e1bc04ba1e352029849e5bd29a7a6ca8a5763
-rw-r--r-- | src/crash-stack/crash-stack.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/crash-stack/crash-stack.c b/src/crash-stack/crash-stack.c index bd1f157..d57ef0b 100644 --- a/src/crash-stack/crash-stack.c +++ b/src/crash-stack/crash-stack.c @@ -57,6 +57,8 @@ #define STR_ANONY "[anony]" #define STR_ANONY_LEN 8 +#define STR_FS(length) "%"#length"s" + static FILE *outputfile = NULL; ///< global output stream static FILE *errfile = NULL; ///< global error stream static FILE *bufferfile = NULL; ///< buffer file for ordering @@ -645,7 +647,10 @@ static struct addr_node *get_addr_list_from_maps(int fd) /* parsing the maps to get executable code address */ while (fgets_fd(linebuf, BUF_SIZE, fd) != NULL) { memset(path, 0, PATH_MAX); - result = sscanf(linebuf, "%34s %5s %*s %*s %*s %256s ", addr, perm, path); + result = sscanf(linebuf, STR_FS(sizeof(addr)-1) + STR_FS(sizeof(perm)-1) + "%*s %*s %*s" + STR_FS(sizeof(path)-1), addr, perm, path); if (result < 0) continue; perm[PERM_LEN - 1] = 0; |