[PATCH] Sanitize printf functions
Evgeniy Stepanov
eugenis at google.com
Wed Jan 15 00:58:23 PST 2014
================
Comment at: lib/sanitizer_common/sanitizer_common_interceptors.inc:697
@@ +696,3 @@
+ va_copy(ar, ap); \
+ int size = REAL(vname2)(str, 0, format, ar); \
+ if (size >= 0) { \
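Review bot: va_copy(ar, ap) on the first added line needs a matching va_end(ar), and none is visible in these lines; make sure it runs on every path, including the size < 0 case that skips the if body. If the REAL(vname2) call with a size of 0 is there only to measure the output, say so in a short comment above it.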
----------------
Unless I'm missing something, you could use REAL(strlen)(str) here instead of calling *printf twice.
================
Comment at: lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc:161
@@ +160,3 @@
+ if (convSpecifier == 'p') {
+ if (lengthModifier[1] != 0)
+ return FSS_INVALID;
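Review bot: the check lengthModifier[1] != 0 under convSpecifier == 'p' only rejects modifiers of two or more characters, so a one-character modifier on %p is still accepted. If %p is meant to take no length modifier, test lengthModifier[0] instead; if a single character is intentionally allowed, add a comment saying which one and why.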
----------------
Should it be lengthModifier[0]?
Looks like a bug in the original code.
http://llvm-reviews.chandlerc.com/D2480