Fix SVACE issues 69/287069/1 accepted/tizen/unified/20230126.170100
authorSung-hun Kim <sfoon.kim@samsung.com>
Thu, 19 Jan 2023 08:17:22 +0000 (17:17 +0900)
committerSung-hun Kim <sfoon.kim@samsung.com>
Thu, 19 Jan 2023 08:21:52 +0000 (17:21 +0900)
strerror() is flagged as a vulnerable function because it is not thread-safe.
ttrace now uses strerror_r() instead, which guarantees thread-safety.

Change-Id: I904887011c404468a5660792efcf08c4a632366f
Signed-off-by: Sung-hun Kim <sfoon.kim@samsung.com>
atrace-helper/logging.h

index ecbb56b3efb2c1f231d62b523e94ae8c9c2e26f6..d8ab3e5d53d5375a0340d526e38e811f6383cb36 100644 (file)
 #include <stdlib.h>
 #include <string.h>
 
-#define CHECK_ARGS(COND, ERR)                                          \
+#define BUF_MAX 255
+
+#define CHECK_ARGS(COND, ERR_BUF)                                      \
   "FAILED CHECK(%s) @ %s:%d (errno: %s)\n", #COND, __FILE__, __LINE__, \
-      strerror(ERR)
+      ERR_BUF
 
 #define CHECK(x)                                              \
   do {                                                        \
     if (!(x)) {                                               \
       const int e = errno;                                    \
-      fprintf(stderr, "\n" CHECK_ARGS(x, e));                 \
+      char errbuf[BUF_MAX];                                   \
+      strerror_r(e, errbuf, BUF_MAX);                         \
+      fprintf(stderr, "\n" CHECK_ARGS(x, errbuf));            \
       fflush(stderr);                                         \
       abort();                                                \
     }                                                         \
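Review bot: The return value of `strerror_r(e, errbuf, BUF_MAX)` is discarded and `errbuf` is never initialised, so the `%s` in `CHECK_ARGS` can end up reading indeterminate stack bytes. With glibc's GNU variant (selected when `_GNU_SOURCE` is defined, which the page does not show either way) the function returns a `char *` and may leave the buffer untouched; with the XSI variant, POSIX leaves the buffer contents unspecified on a non-zero return. I would at least write `char errbuf[BUF_MAX] = "";` and pass `sizeof errbuf`, and where the GNU variant is in effect print the returned pointer rather than the buffer. `CHECK_ARGS` now expects a string instead of an errno value, so any other user of it outside this hunk that still passes an `int` would hand an integer to `%s`; that is worth a grep. The `CHECK` macro body continues past the end of the hunk.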