View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002156 | FSSCP | Platform-Engine interaction | public | 2010-03-19 23:50 | 2010-03-20 00:21 |
| Reporter | Echelon9 | Assigned To | Echelon9 | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 3.6.12 RC1 | ||||
| Fixed in Version | 3.6.12 RC2 | ||||
| Summary | 0002156: Crash within outwnd_printf2(char*, ...) on non-Windows platforms | ||||
| Description | A reproducible crash, caused by the engine overwriting a stack buffer in logging functions in outwnd_unix.cpp. Caused by vsprintf(). Issue found while developing Diaspora. | ||||
| Tags | No tags attached. | ||||
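The defect the report describes is a fixed stack buffer filled by vsprintf(), which writes as many bytes as the formatted message needs. The following helper is an added example, not the FreeSpace engine's own code or the attached patch: it formats into a fixed buffer with vsnprintf() the way the fix does, but also returns whether the message was truncated, which the patch leaves unchecked. MAX_LINE_WIDTH is an assumed value here, and the check functions use constructed inputs.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the engine's MAX_LINE_WIDTH (assumed value; the real one is
 * defined in the FreeSpace source, not on this page). */
#define MAX_LINE_WIDTH 80
#define LOG_BUF_SIZE (MAX_LINE_WIDTH * 4)

/* Format a log message into a caller-supplied buffer, as the patched
 * outwnd_printf() does with vsnprintf(), but report truncation instead of
 * dropping it silently. Returns 0 if the message fit, 1 if it was cut off,
 * -1 on a bad argument or formatting error. out is always NUL-terminated. */
int log_line(char *out, size_t out_size, const char *format, ...)
{
    va_list args;
    int needed;
    if (out == NULL || out_size == 0 || format == NULL)
        return -1;
    va_start(args, format);
    /* vsnprintf never writes past out_size bytes and always terminates;
     * its return value is the length the full message would have had. */
    needed = vsnprintf(out, out_size, format, args);
    va_end(args);
    if (needed < 0) {
        out[0] = '\0';
        return -1;
    }
    return ((size_t)needed >= out_size) ? 1 : 0;
}

/* Constructed check: a message twice the buffer size must be reported as
 * truncated and must stop at the last usable byte. Returns 1 on pass. */
int check_long_message(void)
{
    char buf[LOG_BUF_SIZE], big[LOG_BUF_SIZE * 2];
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    return log_line(buf, sizeof(buf), "%s", big) == 1
        && strlen(buf) == sizeof(buf) - 1;
}

/* Constructed check: a short message fits and comes back unchanged. */
int check_short_message(void)
{
    char buf[LOG_BUF_SIZE];
    return log_line(buf, sizeof(buf), "frame %d: %s", 42, "ok") == 0
        && strcmp(buf, "frame 42: ok") == 0;
}
```

With vsprintf() in place of vsnprintf(), the first check would write past the end of buf, which is the stack corruption the report observed.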
Attachment (2010-03-19 23:51): fix-for-mantis-2156.patch (1,059 bytes)
Index: code/osapi/outwnd_unix.cpp
===================================================================
--- code/osapi/outwnd_unix.cpp (revision 6022)
+++ code/osapi/outwnd_unix.cpp (working copy)
@@ -156,14 +156,15 @@
void outwnd_printf2(char *format, ...)
{
- char tmp[MAX_LINE_WIDTH*4];
+ char tmp[MAX_LINE_WIDTH*4] = {'\0'};
va_list args;
if (format == NULL)
return;
va_start(args, format);
- vsprintf(tmp, format, args);
+ // Echelon9 - Switched from vsprintf to vsnprintf to prevent overflow of tmp
+ vsnprintf(tmp, sizeof(tmp)-1,format, args);
va_end(args);
outwnd_print("General", tmp);
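Review bot: vsnprintf() always NUL-terminates within the size it is given, so both the `= {'\0'}` initialiser (which zero-fills all MAX_LINE_WIDTH*4 bytes of tmp on every call) and the `-1` on the size argument are redundant; `vsnprintf(tmp, sizeof(tmp), format, args);` with the original `char tmp[MAX_LINE_WIDTH*4];` declaration is enough. What the hunk still lacks is any use of the return value: a message longer than the buffer is now silently cut off instead of overflowing, which is the right trade-off but deserves at least a comment, and the `// Echelon9 -` attribution comment can go, as taylor notes below. Minor: `sizeof(tmp)-1,format` should read `sizeof(tmp) - 1, format`.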
@@ -171,14 +172,15 @@
void outwnd_printf(char *id, char *format, ...)
{
- char tmp[MAX_LINE_WIDTH*4];
+ char tmp[MAX_LINE_WIDTH*4] = {'\0'};
va_list args;
if ( (id == NULL) || (format == NULL) )
return;
va_start(args, format);
- vsprintf(tmp, format, args);
+ // Echelon9 - Switched from vsprintf to vsnprintf to prevent overflow of tmp
+ vsnprintf(tmp, sizeof(tmp)-1,format, args);
va_end(args);
outwnd_print(id, tmp);
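Review bot: the same points apply as for outwnd_printf2(): the zero-initialiser and the `-1` are unnecessary with vsnprintf(), the return value is unchecked so truncation is silent, and the spacing in `sizeof(tmp)-1,format` should be fixed. Since the two functions now differ only in the id handed to outwnd_print(), consider a shared va_list-taking helper so the buffer handling lives in one place; the remaining vsprintf() call in this file that taylor mentions could then use it as well.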
Note 0011805 (taylor, 2010-03-20 00:15):

I thought this had already been changed? May not have ever hit SVN I guess. Anyway, there really isn't a need for the comments in that patch, otherwise it is good. I believe that there is another instance of vsprintf in that same file; don't suppose you could get that one too in an updated patch?
Note 0011806 (Echelon9, 2010-03-20 00:18):

It was changed in the Windows version of outwnd.cpp, just not in outwnd_unix.cpp. I'll update the other use of vsprintf() to vsnprintf() in that file.
Note 0011807 (Echelon9, 2010-03-20 00:21):

Fixed in r6023
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-03-19 23:50 | Echelon9 | New Issue | |
| 2010-03-19 23:50 | Echelon9 | Status | new => assigned |
| 2010-03-19 23:50 | Echelon9 | Assigned To | => Echelon9 |
| 2010-03-19 23:51 | Echelon9 | File Added: fix-for-mantis-2156.patch | |
| 2010-03-19 23:51 | Echelon9 | Status | assigned => confirmed |
| 2010-03-20 00:15 | taylor | Note Added: 0011805 | |
| 2010-03-20 00:18 | Echelon9 | Note Added: 0011806 | |
| 2010-03-20 00:21 | Echelon9 | Note Added: 0011807 | |
| 2010-03-20 00:21 | Echelon9 | Status | confirmed => resolved |
| 2010-03-20 00:21 | Echelon9 | Fixed in Version | => 3.6.12 RC2 |
| 2010-03-20 00:21 | Echelon9 | Resolution | open => fixed |