Fix stack-buffer-overflow error

Lenghts in sscanf format string refer to actually read bytes, without
including space for null byte, E.g.:

  ...
  char buff[5+1];
  sscanf(other_buff, "%5s", buff);
  ...

Change-Id: I203e1bc04ba1e352029849e5bd29a7a6ca8a5763

diff --git a/src/crash-stack/crash-stack.c b/src/crash-stack/crash-stack.c
index 09de05c..7581e08 100644 (file)
--- a/src/crash-stack/crash-stack.c
+++ b/src/crash-stack/crash-stack.c
@@ -58,6 +58,8 @@
 #define STR_ANONY "[anony]"
 #define STR_ANONY_LEN 8
 
+#define STR_FS(length) "%"#length"s"
+
 static FILE *outputfile = NULL;                ///< global output stream
 static FILE *errfile = NULL;           ///< global error stream
 static FILE *bufferfile = NULL;                ///< buffer file for ordering
@@ -646,7 +648,10 @@ static struct addr_node *get_addr_list_from_maps(int fd)
        /* parsing the maps to get executable code address */
        while (fgets_fd(linebuf, BUF_SIZE, fd) != NULL) {
                memset(path, 0, PATH_MAX);
-               result = sscanf(linebuf, "%34s %5s %*s %*s %*s %256s ", addr, perm, path);
+               result = sscanf(linebuf, STR_FS(sizeof(addr)-1)
+                                STR_FS(sizeof(perm)-1)
+                                "%*s %*s %*s"
+                                STR_FS(sizeof(path)-1), addr, perm, path);
                if (result < 0)
                        continue;
                perm[PERM_LEN - 1] = 0;