[PATCH] Sanitize printf functions
Yury Gribov
tetra2005 at gmail.com
Wed Jan 15 02:36:52 PST 2014
================
Comment at: lib/sanitizer_common/sanitizer_common_interceptors.inc:697
@@ +696,3 @@
+ va_copy(ar, ap); \
+ int size = REAL(vname2)(str, 0, format, ar); \
+ if (size >= 0) { \
----------------
Evgeniy Stepanov wrote:
> Unless I'm missing something, you could use REAL(strlen)(str) here instead of calling *printf twice.
Hm but str isn't necessarily a string - it's just plain array of chars. I don't think we can call strlen on it.
================
Comment at: lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc:161
@@ +160,3 @@
+ if (convSpecifier == 'p') {
+ if (lengthModifier[1] != 0)
+ return FSS_INVALID;
----------------
Evgeniy Stepanov wrote:
> Should it be lengthModifier[0]?
> Looks like a bug in the original code.
>
1) Bug or some weird GNU scanf (mis)feature. Who is the author of this piece?
2) How do you guys normally treat situations when both change code and move it to a different place for clarity? Do you make two separate commits to make reviewers life easier?
http://llvm-reviews.chandlerc.com/D2480
More information about the llvm-commits
mailing list