[Lldb-commits] [lldb] r235991 - Replace sprintf with snprintf to avoid a crash.

Ilia K ki.stfu at gmail.com
Tue Apr 28 07:26:01 PDT 2015 

Hello Abid,

I thought it never can happen because cUnescapedChar is less than 255 and
"\\x%02hhu" prints something like \x12. Am I wrong?

Thanks,
Ilia


On Tue, Apr 28, 2015 at 5:16 PM, Hafiz Abid Qadeer <hafiz_abid at mentor.com>
wrote:

> Author: abidh
> Date: Tue Apr 28 09:16:00 2015
> New Revision: 235991
>
> URL: http://llvm.org/viewvc/llvm-project?rev=235991&view=rev
> Log:
> Replace sprintf with snprintf to avoid a crash.
> During testing -data-list-register-values, I saw a crash here due to
> buffer overflow.
> This commit should fix the crash. There is still problem with printing
> 1-byte register
> in some cases that I will fix separately.
>
> No regression on MI test cases.
>
>
> Modified:
>     lldb/trunk/tools/lldb-mi/MIUtilString.cpp
>
> Modified: lldb/trunk/tools/lldb-mi/MIUtilString.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/lldb/trunk/tools/lldb-mi/MIUtilString.cpp?rev=235991&r1=235990&r2=235991&view=diff
>
> ==============================================================================
> --- lldb/trunk/tools/lldb-mi/MIUtilString.cpp (original)
> +++ lldb/trunk/tools/lldb-mi/MIUtilString.cpp Tue Apr 28 09:16:00 2015
> @@ -17,6 +17,7 @@
>
>  // In-house headers:
>  #include "MIUtilString.h"
> +#include "Platform.h"
>
>  //++
> ------------------------------------------------------------------------------------
>  // Details: CMIUtilString constructor.
> @@ -844,8 +845,9 @@ CMIUtilString::Escape(const bool vbEscap
>                      strNew.push_back(cUnescapedChar);
>                  else
>                  {
> -                    char strEscapedChar[sizeof("\\xXX")];
> -                    ::sprintf(strEscapedChar, "\\x%02" PRIx8,
> cUnescapedChar);
> +                    const size_t size = sizeof("\\xXX");
> +                    char strEscapedChar[size];
> +                    ::snprintf(strEscapedChar, size, "\\x%02" PRIx8,
> cUnescapedChar);
>                      strNew.append(strEscapedChar);
>                  }
>                  break;
>
>
> _______________________________________________
> lldb-commits mailing list
> lldb-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20150428/6c4d7da2/attachment.html>

More information about the lldb-commits mailing list