Issue 0002156 - Project: FSSCP - Category: Platform-Engine interaction
View Status: public
Last Update: 2010-03-19 20:21
Reporter: Echelon9
Assigned To: Echelon9
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 3.6.12 RC1
Target Version:
Fixed in Version: 3.6.12 RC2

Summary: 0002156: Crash within outwnd_printf2(char*, ...) on non-Windows platforms

Description:
A reproducible crash, caused by the engine overwriting a stack buffer in logging functions in outwnd_unix.cpp. Caused by vsprintf().

Issue found while developing Diaspora.
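As an added example (not FSSCP code and not part of the attached patch), a bounded version of the outwnd_printf2() pattern described above: the same fixed stack buffer, but the vsnprintf() return value is checked so that an over-long log line is reported as truncated rather than overflowing the buffer or being cut silently. The MAX_LINE_WIDTH value and the last_line/truncated_lines sink that stands in for outwnd_print() are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed value: the engine's real MAX_LINE_WIDTH is not given on this page. */
#define MAX_LINE_WIDTH 128
#define LOG_BUF_SIZE (MAX_LINE_WIDTH * 4)

/* Bounded replacement for the vsprintf() call. dst is always NUL-terminated.
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error. */
static int format_log_line(char *dst, size_t cap, const char *format, va_list args)
{
    int needed;
    if (dst == NULL || cap == 0 || format == NULL)
        return -1;
    needed = vsnprintf(dst, cap, format, args); /* writes at most cap-1 chars + NUL */
    if (needed < 0) {
        dst[0] = '\0';
        return -1;
    }
    return ((size_t)needed >= cap) ? 1 : 0;    /* needed = full length, not bytes written */
}

/* Stand-in for the engine's outwnd_print() sink: keeps the last line and counts
 * how many lines were cut short, so truncation is visible instead of silent. */
static char last_line[LOG_BUF_SIZE];
static int truncated_lines = 0;
/* Hypothetical hardened outwnd_printf2(): same stack buffer as the original,
 * but the vsnprintf() result is checked rather than discarded. */
int outwnd_printf2_safe(const char *format, ...)
{
    char tmp[LOG_BUF_SIZE];
    va_list args;
    int rc;
    if (format == NULL)
        return -1;
    va_start(args, format);
    rc = format_log_line(tmp, sizeof(tmp), format, args);
    va_end(args);
    if (rc < 0)
        return -1;
    if (rc == 1)
        truncated_lines++;
    memcpy(last_line, tmp, strlen(tmp) + 1); /* outwnd_print("General", tmp) */
    return rc;
}

const char *last_logged_line(void) { return last_line; }
int truncated_line_count(void) { return truncated_lines; }
```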
Tags: No tags attached.

Attached Files:
  • fix-for-mantis-2156.patch (1,059 bytes) 2010-03-19 19:51
    Index: code/osapi/outwnd_unix.cpp
    ===================================================================
    --- code/osapi/outwnd_unix.cpp	(revision 6022)
    +++ code/osapi/outwnd_unix.cpp	(working copy)
    @@ -156,14 +156,15 @@
     
     void outwnd_printf2(char *format, ...)
     {
    -	char tmp[MAX_LINE_WIDTH*4];
    +	char tmp[MAX_LINE_WIDTH*4] = {'\0'};
     	va_list args;
     
     	if (format == NULL)
     		return;
     
     	va_start(args, format);
    -	vsprintf(tmp, format, args);
    +	// Echelon9 - Switched from vsprintf to vsnprintf to prevent overflow of tmp
    +	vsnprintf(tmp, sizeof(tmp)-1,format, args);
     	va_end(args);
     
     	outwnd_print("General", tmp);
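Review bot: The `sizeof(tmp)-1` passed to vsnprintf() in this hunk is unnecessary: vsnprintf() already reserves room for the terminating NUL inside the size it is given, so `vsnprintf(tmp, sizeof(tmp), format, args);` is the correct bound and keeps the last byte usable, and with that the new `= {'\0'}` initialiser (a full MAX_LINE_WIDTH*4 memset on every log call) is redundant as well. The return value is also discarded, so an over-long line is now cut silently instead of crashing; checking for a result `>= (int)sizeof(tmp)` and marking the line as truncated would make the failure visible. Style: missing space after the comma in `sizeof(tmp)-1,format`.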
    @@ -171,14 +172,15 @@
     
     void outwnd_printf(char *id, char *format, ...)
     {
    -	char tmp[MAX_LINE_WIDTH*4];
    +	char tmp[MAX_LINE_WIDTH*4] = {'\0'};
     	va_list args;
     
     	if ( (id == NULL) || (format == NULL) )
     		return;
     
     	va_start(args, format);
    -	vsprintf(tmp, format, args);
    +	// Echelon9 - Switched from vsprintf to vsnprintf to prevent overflow of tmp
    +	vsnprintf(tmp, sizeof(tmp)-1,format, args);
     	va_end(args);
     
     	outwnd_print(id, tmp);
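Review bot: Same change as in outwnd_printf2(), with the same unneeded `sizeof(tmp)-1` bound and the same unchecked vsnprintf() return value; the per-function attribution comment repeats what the commit history records and could be dropped, as the notes below also ask. As the discussion notes, a third vsprintf() call remains elsewhere in this file, so this patch is not a complete fix for outwnd_unix.cpp on its own.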

Relationships: (none listed)

Notes
~0011805 taylor (administrator)

I thought this had already been changed? May not have ever hit SVN I guess.

Anyway, there really isn't a need for the comments in that patch, otherwise it is good. I believe that there is another instance of vsprintf in that same file; don't suppose you could get that one too in an updated patch?

~0011806 Echelon9 (developer)

It was changed in the Windows version of outwnd.cpp, just not in outwnd_unix.cpp.

I'll update the other use of vsprintf() to vsnprintf() in that file.

~0011807 Echelon9 (developer)

Fixed in r6023.

Issue History

Date Modified     Username  Field             Change
2010-03-19 19:50  Echelon9  New Issue
2010-03-19 19:50  Echelon9  Status            new => assigned
2010-03-19 19:50  Echelon9  Assigned To       => Echelon9
2010-03-19 19:51  Echelon9  File Added        fix-for-mantis-2156.patch
2010-03-19 19:51  Echelon9  Status            assigned => confirmed
2010-03-19 20:15  taylor    Note Added        0011805
2010-03-19 20:18  Echelon9  Note Added        0011806
2010-03-19 20:21  Echelon9  Note Added        0011807
2010-03-19 20:21  Echelon9  Status            confirmed => resolved
2010-03-19 20:21  Echelon9  Fixed in Version  => 3.6.12 RC2
2010-03-19 20:21  Echelon9  Resolution        open => fixed