[v2] gdb/nat/linux-osdata.c: fix build on gcc-12 (string overflow)

Message ID 20211116235521.223574-1-slyich@gmail.com
State New

Commit Message

Mike Frysinger via Binutils Nov. 16, 2021, 11:55 p.m.
From: Sergei Trofimovich <siarheit@google.com>


On gcc-12 build fails as:

    ../../gdbserver/../gdb/nat/linux-osdata.c: In function 'void linux_xfer_osdata_processes(buffer*)':
    ../../gdbserver/../gdb/nat/linux-osdata.c:330:39: error:
      '__builtin___sprintf_chk' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
      330 |                 sprintf (core_str, "%d", i);
          |                                       ^

It's an off-by-one case in an infeasible scenario for negative
huge core count. The change switches to std::string for memory
handling.

Tested by running 'info os processes' and checking CPU cores column.
---
 gdb/nat/linux-osdata.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

-- 
2.33.1
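
The off-by-one behind the warning, as an added example that is not part of the patch or of GDB: with a 32-bit `int` (assumed here), `"%d"` can produce 11 characters plus the NUL, one byte more than `sizeof ("4294967295")`. `bytes_needed_for_int`, `append_fmt` and `join_cores` are hypothetical names; `append_fmt` only illustrates a printf-style append to `std::string` and is not GDB's `string_appendf`.

```cpp
// Added example; every function name here is hypothetical, not GDB code.
#include <climits>
#include <cstdarg>
#include <cstdio>
#include <string>
#include <vector>

// The fixed-size destination the old code used: 10 digits + NUL = 11 bytes.
static const size_t old_buf_size = sizeof ("4294967295");

// Bytes (including the NUL) that sprintf ("%d", v) needs in its destination.
static size_t bytes_needed_for_int (int v)
{
  int n = snprintf (nullptr, 0, "%d", v);   // measure only, writes nothing
  return n < 0 ? 0 : (size_t) n + 1;
}

// printf-style append to a std::string: measure, grow, then format in place.
static void append_fmt (std::string &out, const char *fmt, ...)
{
  va_list ap, ap2;
  va_start (ap, fmt);
  va_copy (ap2, ap);                         // second pass needs its own list
  int n = vsnprintf (nullptr, 0, fmt, ap);
  va_end (ap);
  if (n > 0)
    {
      size_t old = out.size ();
      out.resize (old + n + 1);              // room for the NUL vsnprintf writes
      vsnprintf (&out[old], n + 1, fmt, ap2);
      out.resize (old + n);                  // drop that NUL again
    }
  va_end (ap2);
}

// Same loop shape as the patched code: list each index i with cores[i] != 0.
static std::string join_cores (const std::vector<int> &cores, int task_count)
{
  std::string s;
  for (size_t i = 0; i < cores.size () && task_count > 0; ++i)
    if (cores[i])
      {
        append_fmt (s, "%d", (int) i);
        task_count -= cores[i];
        if (task_count > 0)
          s += ",";
      }
  return s;
}
```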

Comments

Mike Frysinger via Binutils Nov. 17, 2021, 1:09 a.m. | #1
On 2021-11-16 18:55, Sergei Trofimovich wrote:
> From: Sergei Trofimovich <siarheit@google.com>
>
> On gcc-12 build fails as:
>
>     ../../gdbserver/../gdb/nat/linux-osdata.c: In function 'void linux_xfer_osdata_processes(buffer*)':
>     ../../gdbserver/../gdb/nat/linux-osdata.c:330:39: error:
>       '__builtin___sprintf_chk' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
>       330 |                 sprintf (core_str, "%d", i);
>           |                                       ^
>
> It's an off-by-one case in an infeasible scenario for negative
> huge core count. The change switches to std::string for memory
> handling.
>
> Tested by running 'info os processes' and checking CPU cores column.

Thanks, this is ok.  Do you have push access, or do you want me to push
it on your behalf?

Simon
Mike Frysinger via Binutils Nov. 17, 2021, 8:29 a.m. | #2
On Tue, 16 Nov 2021 20:09:57 -0500
Simon Marchi <simon.marchi@polymtl.ca> wrote:

> On 2021-11-16 18:55, Sergei Trofimovich wrote:
> > From: Sergei Trofimovich <siarheit@google.com>
> >
> > On gcc-12 build fails as:
> >
> >     ../../gdbserver/../gdb/nat/linux-osdata.c: In function 'void linux_xfer_osdata_processes(buffer*)':
> >     ../../gdbserver/../gdb/nat/linux-osdata.c:330:39: error:
> >       '__builtin___sprintf_chk' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
> >       330 |                 sprintf (core_str, "%d", i);
> >           |                                       ^
> >
> > It's an off-by-one case in an infeasible scenario for negative
> > huge core count. The change switches to std::string for memory
> > handling.
> >
> > Tested by running 'info os processes' and checking CPU cores column.
>
> Thanks, this is ok.  Do you have push access, or do you want me to push
> it on your behalf?


Pushed as:
    https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=486f9e20e037f1eea2dce98dc393db60df5feef3

Thank you!

-- 

  Sergei

Patch

diff --git a/gdb/nat/linux-osdata.c b/gdb/nat/linux-osdata.c
index 9746d1210fe..91bbe10e515 100644
--- a/gdb/nat/linux-osdata.c
+++ b/gdb/nat/linux-osdata.c
@@ -302,7 +302,7 @@  linux_xfer_osdata_processes (struct buffer *buffer)
 	  char *command_line;
 	  int *cores;
 	  int task_count;
-	  char *cores_str;
+	  std::string cores_str;
 	  int i;
 
 	  if (!isdigit (dp->d_name[0])
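
Review bot: `std::string cores_str;` is added to the block of declarations at the top of the loop body, ahead of the `isdigit (dp->d_name[0])` check, although it is only filled in the cores loop further down. Now that it is a C++ object, declare it immediately before `for (i = 0; i < num_cores && task_count > 0; ++i)` so its scope matches its use; `int i` could move into that `for` statement in the same change.
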
@@ -320,19 +320,15 @@  linux_xfer_osdata_processes (struct buffer *buffer)
 	  /* Find CPU cores used by the process.  */
 	  cores = XCNEWVEC (int, num_cores);
 	  task_count = get_cores_used_by_process (pid, cores, num_cores);
-	  cores_str = (char *) xcalloc (task_count, sizeof ("4294967295") + 1);
 
 	  for (i = 0; i < num_cores && task_count > 0; ++i)
 	    if (cores[i])
 	      {
-		char core_str[sizeof ("4294967295")];
-
-		sprintf (core_str, "%d", i);
-		strcat (cores_str, core_str);
+		string_appendf (cores_str, "%d", i);
 
 		task_count -= cores[i];
 		if (task_count > 0)
-		  strcat (cores_str, ",");
+		  cores_str += ",";
 	      }
 
 	  xfree (cores);
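
Review bot: `string_appendf (cores_str, "%d", i)` depends on a declaration this patch does not add: none of the four inserted lines is an `#include`, so please confirm that linux-osdata.c includes the header declaring `string_appendf` directly rather than picking it up through another header. Separately, `cores` is still a raw `XCNEWVEC`/`xfree` pair in this hunk and could get the same treatment as `cores_str` in a follow-up.
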
@@ -348,10 +344,9 @@  linux_xfer_osdata_processes (struct buffer *buffer)
 	     pid,
 	     user,
 	     command_line ? command_line : "",
-	     cores_str);
+	     cores_str.c_str());
 
 	  xfree (command_line);
-	  xfree (cores_str);
 	}
 
       closedir (dirp);
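
Review bot: with `xfree (cores_str)` dropped, `command_line` is the one string argument in this call that is still released by hand via `xfree (command_line)`. Consider moving it to an owning type in a follow-up so both buffers passed here are managed the same way and no path between its allocation and this `xfree` can leak it.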