projects / platform / upstream / dotnet / runtime.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d4519be)
[merp] Don't overrun buffer in copy_summary_string_safe … (mono/mono#17176)
authorAleksey Kliger (λgeek) <alklig@microsoft.com>
Fri, 4 Oct 2019 05:17:49 +0000 (01:17 -0400)
committerAlexis Christoforides <alexis@thenull.net>
Fri, 4 Oct 2019 05:17:49 +0000 (01:17 -0400)
* [merp] Don't overrun buffer in copy_summary_string_safe

MonoFrameSummary:str_destr is an array of MONO_MAX_SUMMARY_NAME_LEN bytes, not
MONO_MAX_SUMMARY_NAME_LEN + 1 bytes.

Fixes Coverity CID 1454563

* [merp] Use g_strlcpy for copy_summary_string_safe

Fixes Coverity CID 1454563

We would sometimes write to MonoSummaryFrame:str_descr which is
MONO_MAX_SUMMARY_NAME_LEN bytes long at index MONO_MAX_SUMMARY_NAME_LEN which
is one past the end of the array.

* nit: rename confusing parameter names

old names were confusing - we were copying from 'out' to 'in'.  Now we copy to
'dest' from 'src'

Commit migrated from https://github.com/mono/mono/commit/ea2a460cf68b6d16a3b379842e91c0bdf942ca16

src/mono/mono/mini/mini-exceptions.c patch | blob | history

diff --git a/src/mono/mono/mini/mini-exceptions.c b/src/mono/mono/mini/mini-exceptions.c
index 4a2c757..6c4c768 100644 (file)
--- a/src/mono/mono/mini/mini-exceptions.c
+++ b/src/mono/mono/mini/mini-exceptions.c
@@ -1422,17 +1422,9 @@ typedef struct {
 } MonoSummarizeUserData;
 
 static void
-copy_summary_string_safe (char *in, const char *out)
+copy_summary_string_safe (char *dest, const char *src)
 {
-       for (int i=0; i < MONO_MAX_SUMMARY_NAME_LEN; i++) {
-               in [i] = out [i];
-               if (out [i] == '\0')
-                       return;
-       }
-
-       // Overflowed
-       in [MONO_MAX_SUMMARY_NAME_LEN] = '\0';
-       return;
+       g_strlcpy (dest, src, MONO_MAX_SUMMARY_NAME_LEN);
 }
 
 static void
Domain: Dotnet / Core;