[SCM] Samba Shared Repository - branch master updated
Martin Schwenke
martins at samba.org
Tue Feb 22 00:18:01 UTC 2022
The branch, master has been updated
via a2590298b03 util: CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
from 521e1195640 autobuild: Rewrite the symbol checking
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a2590298b035404d507fac1ea0e11dcd88a939fa
Author: Martin Schwenke <martin at meltin.net>
Date: Fri Feb 18 12:02:50 2022 +1100
util: CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
This is quite bizarre:
*** CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
/lib/util/debug.c: 1742 in dbghdrclass()
1736 sizeof(tvbuf.buf),
1737 "%ld seconds since the Epoch", (long)t);
1738 }
1739 }
1740
1741 ensure_hostname();
>>> CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
>>> In the call to function "snprintf", the object pointed to by argument "state.hostname" may overlap with the object pointed to by argument "state.header_str".
1742 state.hs_len = snprintf(state.header_str,
1743 sizeof(state.header_str),
1744 "%s %s %s[%u]: ",
1745 tvbuf.buf,
1746 state.hostname,
1747 state.prog_name,
Coverity doesn't explicitly say so but the only way this can happen is
if state.hostname is not NUL-terminated within its declared length.
ensure_hostname() and debug_set_hostname() ensure NUL-termination, but
the caching effect of ensure_hostname() probably stops Coverity from
being certain about anything.
Try making Coverity happy by using a precision to limit the number of
characters from hostname that can be used.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Feb 22 00:17:12 UTC 2022 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
lib/util/debug.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 784357e9370..4143cb6058a 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1741,8 +1741,9 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func)
ensure_hostname();
state.hs_len = snprintf(state.header_str,
sizeof(state.header_str),
- "%s %s %s[%u]: ",
+ "%s %.*s %s[%u]: ",
tvbuf.buf,
+ (int)(sizeof(state.hostname) - 1),
state.hostname,
state.prog_name,
(unsigned int) getpid());
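Review bot: the added precision argument `(int)(sizeof(state.hostname) - 1)` carries no comment, and nothing at the call site says it exists to bound the read from `state.hostname` for the analyser rather than to change the output. A one-line comment above the `snprintf` call would keep a later cleanup from reverting the format to plain `%s`. The expression is also only right while `state.hostname` is a char array; if it ever becomes a pointer, `sizeof` silently shrinks the limit to the pointer size minus one, so the comment should state that assumption too. The other `%s` arguments, `tvbuf.buf` and `state.prog_name`, stay unbounded in this hunk, and `state.hs_len` still receives the raw `snprintf` return value, which is the would-be length when the output is truncated; no clamp is visible in these lines.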
--
Samba Shared Repository
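The effect of the precision described in the commit message, shown as an added example that is not part of the Samba commit or code base. `struct hdr_state`, `build_header`, `demo_unterminated` and the buffer sizes are hypothetical stand-ins, the sample values are constructed, and the clamp on the return value is this example's own addition.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the logging state; sizes are constructed. */
struct hdr_state {
	char hostname[8];	/* fixed-size field that may lack a NUL */
	char sentinel[8];	/* adjacent bytes that must not leak into the header */
	char header_str[64];
};

/*
 * Format "<time> <host> <prog>[<pid>]: " while reading at most
 * sizeof(hostname) - 1 bytes from hostname, as the patch does.
 * Returns the number of bytes stored, not the would-be length
 * (the clamp is an addition of this example).
 */
static size_t build_header(struct hdr_state *st, const char *tv,
			   const char *prog, unsigned int pid)
{
	int n = snprintf(st->header_str, sizeof(st->header_str),
			 "%s %.*s %s[%u]: ",
			 tv,
			 (int)(sizeof(st->hostname) - 1), st->hostname,
			 prog, pid);
	if (n < 0) {
		st->header_str[0] = '\0';
		return 0;
	}
	if ((size_t)n >= sizeof(st->header_str)) {
		return sizeof(st->header_str) - 1;	/* output was truncated */
	}
	return (size_t)n;
}

/* Constructed worst case: hostname filled edge to edge, no terminator. */
static const char *demo_unterminated(struct hdr_state *st)
{
	memset(st->hostname, 'A', sizeof(st->hostname));
	memcpy(st->sentinel, "SECRET!", sizeof(st->sentinel));
	build_header(st, "12:00:00", "smbd", 42);
	return st->header_str;
}

int main(void)
{
	struct hdr_state st;
	printf("%s\n", demo_unterminated(&st));
	return 0;
}
```

With a plain `%s` the same unterminated field would be read past its end, which is undefined behaviour and is the case the precision rules out.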