diff options
| author | Elijah Conners <business@elijahpepe.com> | 2022-07-19 22:37:47 -0700 |
|---|---|---|
| committer | Elijah Conners <business@elijahpepe.com> | 2022-07-19 22:37:47 -0700 |
| commit | 68da198e67ef88a55dfb184b804b91534d9406fc (patch) | |
| tree | 163c1955b106a3b2c2068d9e62d7f32b6328b667 /absl/synchronization/mutex.cc | |
| parent | 0c8bd82e90bac01f8afc6afdd5754d9d9b16cf68 (diff) | |
| download | abseil-68da198e67ef88a55dfb184b804b91534d9406fc.tar.gz abseil-68da198e67ef88a55dfb184b804b91534d9406fc.tar.bz2 abseil-68da198e67ef88a55dfb184b804b91534d9406fc.zip | |
fix(mutex): safely call snprintf
In the PostSynchEvent() function, the pos integer uses an implementation
of snprintf that is fundamentally unsafe: since the return value of
snprintf is the number of characters that would have been written to the
buffer, if an operation reaches the end of the buffer with more than one
character discarded, the return value will be greater than the buffer
size, requiring a check of the buffer's current size.
Signed-off-by: Elijah Conners <business@elijahpepe.com>
Diffstat (limited to 'absl/synchronization/mutex.cc')
| -rw-r--r-- | absl/synchronization/mutex.cc | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/absl/synchronization/mutex.cc b/absl/synchronization/mutex.cc index 52e2455d..1e3ca35a 100644 --- a/absl/synchronization/mutex.cc +++ b/absl/synchronization/mutex.cc @@ -430,7 +430,11 @@ static void PostSynchEvent(void *obj, int ev) { char buffer[ABSL_ARRAYSIZE(pcs) * 24]; int pos = snprintf(buffer, sizeof (buffer), " @"); for (int i = 0; i != n; i++) { - pos += snprintf(&buffer[pos], sizeof (buffer) - pos, " %p", pcs[i]); + int b += snprintf(&buffer[pos], sizeof (buffer) - pos, " %p", pcs[i]); + if (b < 0 || b >= sizeof (buffer) - pos) { + break; + } + pos += b; } ABSL_RAW_LOG(INFO, "%s%p %s %s", event_properties[ev].msg, obj, (e == nullptr ? "" : e->name), buffer); |