From 104b22b9ef844809cae97d420bcbe43e1c9ce6bd Mon Sep 17 00:00:00 2001
From: Mateusz Moscicki
Date: Thu, 14 Jun 2018 12:37:56 +0200
Subject: [PATCH] Fix stack-buffer-overflow error

Lenghts in sscanf format string refer to actually read bytes, without including space for null byte, E.g.:
...
char buff[5+1];
sscanf(other_buff, "%5s", buff);
...

Change-Id: I203e1bc04ba1e352029849e5bd29a7a6ca8a5763
---
 src/crash-stack/crash-stack.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/crash-stack/crash-stack.c b/src/crash-stack/crash-stack.c
index 09de05c..7581e08 100644
--- a/src/crash-stack/crash-stack.c
+++ b/src/crash-stack/crash-stack.c
@@ -58,6 +58,8 @@
 #define STR_ANONY "[anony]"
 #define STR_ANONY_LEN 8
 
+#define STR_FS(length) "%"#length"s"
+
 static FILE *outputfile = NULL; ///< global output stream
 static FILE *errfile = NULL; ///< global error stream
 static FILE *bufferfile = NULL; ///< buffer file for ordering
@@ -646,7 +648,10 @@ static struct addr_node *get_addr_list_from_maps(int fd)
 	/* parsing the maps to get executable code address */
 	while (fgets_fd(linebuf, BUF_SIZE, fd) != NULL) {
 		memset(path, 0, PATH_MAX);
-		result = sscanf(linebuf, "%34s %5s %*s %*s %*s %256s ", addr, perm, path);
+		result = sscanf(linebuf, STR_FS(sizeof(addr)-1)
+				STR_FS(sizeof(perm)-1)
+				"%*s %*s %*s"
+				STR_FS(sizeof(path)-1), addr, perm, path);
 		if (result < 0)
 			continue;
 		perm[PERM_LEN - 1] = 0;
-- 
2.7.4
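Review bot: `STR_FS(sizeof(addr)-1)` in the second hunk does not produce the intended field width, because the `#length` in the macro added by the first hunk stringifies the argument's spelling rather than its value, so the new sscanf format is literally `"%sizeof(addr)-1s%sizeof(perm)-1s%*s %*s %*s%sizeof(path)-1s"`. sscanf therefore performs an unbounded `%s` into addr (the overflow this commit sets out to remove), then fails to match the literal `izeof(addr)-1s` against the following space and returns 1, which passes the `result < 0` check with perm and path left unparsed. The widths have to be produced at run time, or the macro must be fed integer literals that are kept in sync with the array sizes; the snippet below formats them with snprintf from the array sizes, which assumes addr, perm and path are arrays rather than pointers (their declarations are not in the hunk), and leaves the STR_FS macro unused. get_addr_list_from_maps starts and ends outside the hunk.
```c
		memset(path, 0, PATH_MAX);
		/* #length stringifies the spelling "sizeof(addr)-1", not its value,
		 * so the field widths are formatted at run time from the array sizes. */
		char fmt[64];
		snprintf(fmt, sizeof fmt, "%%%zus %%%zus %%*s %%*s %%*s %%%zus",
			 sizeof addr - 1, sizeof perm - 1, sizeof path - 1);
		result = sscanf(linebuf, fmt, addr, perm, path);
		/* … unchanged: result check and perm termination … */
```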