Buffer audit. Resize a few.
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@14824 a5019735-40e9-0310-863c-91ae7b9d1cf9
diff --git a/callgrind/main.c b/callgrind/main.c
index 0180ec6..6845d9d 100644
--- a/callgrind/main.c
+++ b/callgrind/main.c
@@ -1656,8 +1656,9 @@
case VG_USERREQ__DUMP_STATS_AT:
{
- HChar buf[512];
- VG_(sprintf)(buf,"Client Request: %s", (HChar*)args[1]);
+ const HChar *arg = (HChar*)args[1];
+ HChar buf[30 + VG_(strlen)(arg)]; // large enough
+ VG_(sprintf)(buf,"Client Request: %s", arg);
CLG_(dump_profile)(buf, True);
*ret = 0; /* meaningless */
}
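Review bot: The VLA `HChar buf[30 + VG_(strlen)(arg)]` is sized from `args[1]`, a pointer the client program supplies with the request, so the amount of Valgrind stack consumed by this case is now chosen by the client (and a NULL or unterminated arg still faults in `VG_(strlen)` as it did in `VG_(sprintf)` before). A bounded format keeps the overflow fix without that: `HChar buf[512]; VG_(snprintf)(buf, sizeof buf, "Client Request: %s", arg);`, truncating an over-long dump name instead of growing the stack — or cap the length before declaring the VLA if truncation is not acceptable here. The `// large enough` comment should also say what the 30 covers (`"Client Request: "` is 16 bytes plus the NUL). The enclosing switch and function continue outside the hunk.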
diff --git a/callgrind/threads.c b/callgrind/threads.c
index 9c43271..023009f 100644
--- a/callgrind/threads.c
+++ b/callgrind/threads.c
@@ -179,7 +179,7 @@
{
/* check for dumps needed */
static ULong bbs_done = 0;
- static HChar buf[512];
+ HChar buf[50]; // large enough
if (CLG_(clo).dump_every_bb >0) {
if (CLG_(stat).bb_executions - bbs_done > CLG_(clo).dump_every_bb) {
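Review bot: `HChar buf[50]; // large enough` shrinks the buffer from 512 to 50 bytes, but the formatting call that fills it lies outside the hunk, so the bound cannot be checked from here. A comment that names what is formatted would let the next reader verify it, e.g. `HChar buf[50]; // fits "<format text used below>" plus a 20-digit ULong and the NUL` with the real format filled in. If that call is `VG_(snprintf)(buf, sizeof buf, …)` rather than `VG_(sprintf)`, the 50-byte bound becomes self-enforcing and the comment can simply say so. The enclosing function starts and ends outside the hunk.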
diff --git a/coregrind/m_aspacemgr/aspacemgr-linux.c b/coregrind/m_aspacemgr/aspacemgr-linux.c
index 17f4ab0..c5ad4d9 100644
--- a/coregrind/m_aspacemgr/aspacemgr-linux.c
+++ b/coregrind/m_aspacemgr/aspacemgr-linux.c
@@ -1116,7 +1116,7 @@
# if 0
{
- HChar buf[100];
+ HChar buf[100]; // large enough
VG_(am_show_nsegments)(0,"post syncheck failure");
VG_(sprintf)(buf, "/bin/cat /proc/%d/maps", VG_(getpid)());
VG_(system)(buf);
diff --git a/coregrind/m_gdbserver/server.c b/coregrind/m_gdbserver/server.c
index 7f2e5c9..85242f1 100644
--- a/coregrind/m_gdbserver/server.c
+++ b/coregrind/m_gdbserver/server.c
@@ -720,7 +720,6 @@
unsigned long gdb_id;
struct thread_info *ti;
ThreadState *tst;
- char status[100];
gdb_id = strtoul (&arg_own_buf[17], NULL, 16);
ti = gdb_id_to_thread (gdb_id);
@@ -728,6 +727,13 @@
tst = (ThreadState *) inferior_target_data (ti);
/* Additional info is the tid, the thread status and the thread's
name, if any. */
+ SizeT len = strlen(VG_(name_of_ThreadStatus)(tst->status)) + 20;
+ if (tst->thread_name) len += strlen(tst->thread_name);
+ /* As the string will be hexified and copied into own_buf we need
+ to limit the length to avoid buffer overflow. */
+ if (len * 2 > (PBUFSIZ + POVERHSIZ))
+ len = (PBUFSIZ + POVERHSIZ) / 2;
+ char status[len];
if (tst->thread_name) {
VG_(snprintf) (status, sizeof(status), "tid %d %s %s",
tst->tid,
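Review bot: The clamp on the new lines `if (len * 2 > (PBUFSIZ + POVERHSIZ))` admits `len * 2 == PBUFSIZ + POVERHSIZ`, so a hexified `status` can occupy every byte of a buffer of that size; whether the receiving buffer also needs room for a terminating NUL or for text written ahead of the hex data cannot be seen from this hunk, and if it does the test should be `>=` or leave that slack (`if (len * 2 >= PBUFSIZ + POVERHSIZ - <prefix bytes>)`). The bound matters because `tst->thread_name` is presumably taken from the guest thread's own naming call, so its length is not under the server's control — capping it before `char status[len]` is the right order. The `+ 20` covers `"tid "`, an int of up to 11 characters, two separators and the NUL (18 bytes); stating that next to the constant would make it checkable on the next audit. The function continues beyond the hunk.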
diff --git a/coregrind/m_gdbserver/target.c b/coregrind/m_gdbserver/target.c
index e248228..4a738d2 100644
--- a/coregrind/m_gdbserver/target.c
+++ b/coregrind/m_gdbserver/target.c
@@ -43,7 +43,7 @@
static
char *image_ptid(unsigned long ptid)
{
- static char result[100];
+ static char result[50]; // large enough
VG_(sprintf) (result, "id %ld", ptid);
return result;
}
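Review bot: `result[50]` in `image_ptid` needs `"id "` plus at most 20 decimal digits and a NUL (24 bytes), which is what the `// large enough` comment should state so the figure can be rechecked, e.g. `static char result[50]; // "id " + up to 20 digits + NUL; overwritten on every call`. The `%ld` conversion is fed an `unsigned long`; if `VG_(sprintf)` follows libc semantics, `%lu` is the matching specifier and also avoids printing a large ptid as a negative number. The static buffer means callers must consume the returned string before the next call — worth the same comment.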
diff --git a/coregrind/m_scheduler/scheduler.c b/coregrind/m_scheduler/scheduler.c
index c45b147..4faf001 100644
--- a/coregrind/m_scheduler/scheduler.c
+++ b/coregrind/m_scheduler/scheduler.c
@@ -267,8 +267,7 @@
#if 0
if (VG_(clo_trace_sched)) {
- HChar buf[100];
- vg_assert(VG_(strlen)(who) <= 100-50);
+ HChar buf[VG_(strlen)(who) + 30];
VG_(sprintf)(buf, "waiting for lock (%s)", who);
print_sched_event(tid, buf);
}
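Review bot: The VLAs `HChar buf[VG_(strlen)(who) + 30]` here and in the two hunks below (the `acquired lock` and `releasing lock` sites) replace assertions that bounded `who` at 50 bytes with a stack array of whatever length the caller passes; that is acceptable while `who` is an internal label, but the 30 is now a bare magic number. Per site the fixed text is 20, 18 and 22 bytes including the NUL (`"waiting for lock ("` + `")"`, `" acquired lock ("` + `")"`, `"releasing lock ("` + `") -> "`), so a comment such as `// fixed text + ')' + NUL is well under 30` at each site would keep the constant verifiable. This first site is inside a `#if 0` block whose `#endif` is outside the hunk; whether the two later sites are also disabled cannot be seen here.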
@@ -298,8 +297,7 @@
}
if (VG_(clo_trace_sched)) {
- HChar buf[150];
- vg_assert(VG_(strlen)(who) <= 150-50);
+ HChar buf[VG_(strlen)(who) + 30];
VG_(sprintf)(buf, " acquired lock (%s)", who);
print_sched_event(tid, buf);
}
@@ -328,10 +326,9 @@
VG_(running_tid) = VG_INVALID_THREADID;
if (VG_(clo_trace_sched)) {
- HChar buf[200];
- vg_assert(VG_(strlen)(who) <= 200-100);
- VG_(sprintf)(buf, "releasing lock (%s) -> %s",
- who, VG_(name_of_ThreadStatus)(sleepstate));
+ const HChar *status = VG_(name_of_ThreadStatus)(sleepstate);
+ HChar buf[VG_(strlen)(who) + VG_(strlen)(status) + 30];
+ VG_(sprintf)(buf, "releasing lock (%s) -> %s", who, status);
print_sched_event(tid, buf);
}
diff --git a/coregrind/m_sigframe/sigframe-ppc32-linux.c b/coregrind/m_sigframe/sigframe-ppc32-linux.c
index 8731c4f..aae1d2f 100644
--- a/coregrind/m_sigframe/sigframe-ppc32-linux.c
+++ b/coregrind/m_sigframe/sigframe-ppc32-linux.c
@@ -107,7 +107,7 @@
struct vki_sigcontext sigcontext;
struct vki_mcontext mcontext;
struct vg_sig_private priv;
- unsigned char abigap[224];
+ unsigned char abigap[224]; // unused
};
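Review bot: `// unused` on `abigap[224]` (and on the same member in the next hunk and in the ppc64 frame, `UChar abigap[288]`) reads as if the array could be dropped, which the commit itself does not do; if the member exists to reserve the ABI-mandated gap so the frame's size and field offsets match what the kernel and unwinders expect — as its name and the fixed 224/288 sizes suggest — the comment should say that, e.g. `// reserved ABI gap: keeps the frame layout, never read by Valgrind`. Confirm the intent against the frame-setup code before rewording. The struct definitions are cut by the hunk boundaries.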
/* Structure put on stack for signal handlers with SA_SIGINFO set. */
@@ -116,7 +116,7 @@
vki_siginfo_t siginfo;
struct vki_ucontext ucontext;
struct vg_sig_private priv;
- unsigned char abigap[224];
+ unsigned char abigap[224]; // unused
};
#define SET_SIGNAL_LR(zztst, zzval) \
diff --git a/coregrind/m_sigframe/sigframe-ppc64-linux.c b/coregrind/m_sigframe/sigframe-ppc64-linux.c
index 17a3c50..459d6b1 100644
--- a/coregrind/m_sigframe/sigframe-ppc64-linux.c
+++ b/coregrind/m_sigframe/sigframe-ppc64-linux.c
@@ -114,7 +114,7 @@
void* puc;
vki_siginfo_t info;
struct vg_sig_private priv;
- UChar abigap[288];
+ UChar abigap[288]; // unused
};
#define SET_SIGNAL_LR(zztst, zzval) \
diff --git a/coregrind/m_signals.c b/coregrind/m_signals.c
index cf61137..508f315 100644
--- a/coregrind/m_signals.c
+++ b/coregrind/m_signals.c
@@ -1219,7 +1219,7 @@
static
HChar* format_sigset ( const vki_sigset_t* set )
{
- static HChar buf[128];
+ static HChar buf[_VKI_NSIG_WORDS * 16 + 1];
int w;
VG_(strcpy)(buf, "");
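Review bot: `_VKI_NSIG_WORDS * 16 + 1` encodes the assumption that the loop below (outside the hunk) emits at most 16 characters per word with no separator or prefix; recording that next to the declaration keeps the two in step: `static HChar buf[_VKI_NSIG_WORDS * 16 + 1]; // 16 hex digits per word (64-bit max) + NUL; no separators`. If the loop ever prints a separator per word the multiplier must include it. `VG_(strcpy)(buf, "")` can be the plainer `buf[0] = '\0';`. The rest of `format_sigset` is outside the hunk.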
@@ -1647,7 +1647,7 @@
}
#if 0
{
- HChar buf[110];
+ HChar buf[50]; // large enough
VG_(am_show_nsegments)(0,"post segfault");
VG_(sprintf)(buf, "/bin/cat /proc/%d/maps", VG_(getpid)());
VG_(system)(buf);
diff --git a/coregrind/vgdb-invoker-ptrace.c b/coregrind/vgdb-invoker-ptrace.c
index 1d43390..e9d1392 100644
--- a/coregrind/vgdb-invoker-ptrace.c
+++ b/coregrind/vgdb-invoker-ptrace.c
@@ -226,7 +226,7 @@
static
char *status_image (int status)
{
- static char result[256];
+ static char result[256]; // large enough
int sz = 0;
#define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__)
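Review bot: The `APPEND` macro on the last line of the hunk hardcodes 256 instead of `sizeof result` and adds `snprintf`'s return value, which is the untruncated length; once `sz` passes 255 the size argument `256 - sz - 1` goes negative, converts to a huge `size_t`, and the next `APPEND` writes past `result`. The new `// large enough` annotation records the intent, but the macro is what enforces it, so derive the size from `sizeof result` and clamp `sz` after each call; the `- 1` is also one byte too conservative, since `snprintf` already reserves the NUL. The `APPEND` calls and the return of `status_image` are outside the hunk, so the rewrite assumes each use is a statement followed by `;`.
```c
   static char result[256]; // large enough
   int sz = 0;
   /* Bounded append: stop once the buffer is full and never let a
      truncated snprintf (which returns the untruncated length) drive
      the remaining size negative. */
#define APPEND(...)                                                          \
   do {                                                                      \
      if (sz < (int)sizeof(result) - 1) {                                    \
         int r_ = snprintf(result + sz, sizeof(result) - (size_t)sz,         \
                           __VA_ARGS__);                                     \
         if (r_ > 0) sz += r_;                                               \
         if (sz > (int)sizeof(result) - 1) sz = (int)sizeof(result) - 1;     \
      }                                                                      \
   } while (0)
   /* … unchanged: the APPEND calls and return result … */
```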
diff --git a/helgrind/libhb_core.c b/helgrind/libhb_core.c
index 1668df8..b146e0a 100644
--- a/helgrind/libhb_core.c
+++ b/helgrind/libhb_core.c
@@ -1089,7 +1089,7 @@
static Bool is_sane_Descr_and_Tree ( UShort descr, SVal* tree ) {
Word i;
UChar validbits = descr_to_validbits(descr);
- HChar buf[128], buf2[128];
+ HChar buf[128], buf2[128]; // large enough
if (validbits == 0)
goto bad;
for (i = 0; i < 8; i++) {