folkert/simh-testsetgenerator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

FRONTPANEL: Add format buffer bounds checking

Browse source
This commit is contained in:
Mark Pizzolato 2017-12-10 20:04:11 -08:00
parent 06e7851d83
commit e083a93ea2
1 changed files with 23 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
sim_frontpanel.c
View file

@ -276,19 +276,29 @@ static void __panel_debug (PANEL *p, int dbits, const char *fmt, const char *buf
static void __panel_vdebug (PANEL *p, int dbits, const char *fmt, const char *buf, int bufsize, va_list arglist) static void __panel_vdebug (PANEL *p, int dbits, const char *fmt, const char *buf, int bufsize, va_list arglist)
{ {
if (p && p->Debug && (dbits & p->debug)) { size_t obufsize = 10240 + 9*bufsize;
int i;
while (p && p->Debug && (dbits & p->debug)) {
int i, len;
struct timespec time_now; struct timespec time_now;
char timestamp[32]; char timestamp[32];
char threadname[50]; char threadname[50];
size_t obufsize = 10240 + 8*bufsize;
char *obuf = (char *)_panel_malloc (obufsize); char *obuf = (char *)_panel_malloc (obufsize);
clock_gettime(CLOCK_REALTIME, &time_now); clock_gettime(CLOCK_REALTIME, &time_now);
sprintf (timestamp, "%lld.%03d ", (long long)(time_now.tv_sec), (int)(time_now.tv_nsec/1000000)); sprintf (timestamp, "%lld.%03d ", (long long)(time_now.tv_sec), (int)(time_now.tv_nsec/1000000));
sprintf (threadname, "%s:%s ", p->parent ? p->device_name : "CPU", (pthread_getspecific (panel_thread_id)) ? (char *)pthread_getspecific (panel_thread_id) : ""); sprintf (threadname, "%s:%s ", p->parent ? p->device_name : "CPU", (pthread_getspecific (panel_thread_id)) ? (char *)pthread_getspecific (panel_thread_id) : "");
vsnprintf (obuf, obufsize - 1, fmt, arglist); obuf[obufsize - 1] = '\0';
len = vsnprintf (obuf, obufsize - 1, fmt, arglist);
if (len < 0)
return;
/* If the formatted result didn't fit into the buffer, then grow the buffer and try again */
if (len >= (int)(obufsize - 9*bufsize)) {
obufsize = len + 1 + 9*bufsize;
free (obuf);
continue;
}
for (i=0; i<bufsize; ++i) { for (i=0; i<bufsize; ++i) {
switch ((unsigned char)buf[i]) { switch ((unsigned char)buf[i]) {
@ -354,6 +364,7 @@ if (p && p->Debug && (dbits & p->debug)) {
} }
fprintf(p->Debug, "%s%s%s\n", timestamp, threadname, obuf); fprintf(p->Debug, "%s%s%s\n", timestamp, threadname, obuf);
free (obuf); free (obuf);
break;
} }
} }
@ -2424,9 +2435,10 @@ while (1) { /* format passed string, arg
len = vsnprintf (sim_panel_error_buf, sim_panel_error_bufsize-1, fmt, arglist); len = vsnprintf (sim_panel_error_buf, sim_panel_error_bufsize-1, fmt, arglist);
va_end (arglist); va_end (arglist);
if (len < 0) /* Format encoding error? */
break;
/* If the formatted result didn't fit into the buffer, then grow the buffer and try again */ /* If the formatted result didn't fit into the buffer, then grow the buffer and try again */
if (len >= (int)(sim_panel_error_bufsize-1)) {
if ((len < 0) || (len >= (int)(sim_panel_error_bufsize-1))) {
free (sim_panel_error_buf); free (sim_panel_error_buf);
sim_panel_error_bufsize = sim_panel_error_bufsize * 2; sim_panel_error_bufsize = sim_panel_error_bufsize * 2;
while ((int)sim_panel_error_bufsize < len + 1) while ((int)sim_panel_error_bufsize < len + 1)
@ -2461,9 +2473,11 @@ while (1) { /* format passed string, arg
len = vsnprintf (buf, bufsize-1, fmt, arglist); len = vsnprintf (buf, bufsize-1, fmt, arglist);
va_end (arglist); va_end (arglist);
/* If the formatted result didn't fit into the buffer, then grow the buffer and try again */ if (len < 0)
return sim_panel_set_error (NULL, "Format encoding error while processing '%s'", fmt);
if ((len < 0) || ((len + post_fix_len) >= bufsize-1)) { /* If the formatted result didn't fit into the buffer, then grow the buffer and try again */
if ((len + post_fix_len) >= bufsize-1) {
if (buf != stackbuf) if (buf != stackbuf)
free (buf); free (buf);
bufsize = bufsize * 2; bufsize = bufsize * 2;