Buffer audit. Resize a few.


git-svn-id: svn://svn.valgrind.org/valgrind/trunk@14824 a5019735-40e9-0310-863c-91ae7b9d1cf9
diff --git a/callgrind/main.c b/callgrind/main.c
index 0180ec6..6845d9d 100644
--- a/callgrind/main.c
+++ b/callgrind/main.c
@@ -1656,8 +1656,9 @@
 
    case VG_USERREQ__DUMP_STATS_AT:
      {
-       HChar buf[512];
-       VG_(sprintf)(buf,"Client Request: %s", (HChar*)args[1]);
+       const HChar *arg = (HChar*)args[1];
+       HChar buf[30 + VG_(strlen)(arg)];    // large enough
+       VG_(sprintf)(buf,"Client Request: %s", arg);
        CLG_(dump_profile)(buf, True);
        *ret = 0;                 /* meaningless */
      }
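Review bot: The VLA `HChar buf[30 + VG_(strlen)(arg)]` is sized by a string the client program hands over in the client request, so the stack it consumes is unbounded; the stack the tool code runs on is, as far as I know, fixed-size, so a sufficiently long string now turns the old fixed-buffer overflow into a stack overrun rather than a rejection. Either cap the length before the declaration or move the buffer to the heap, e.g. `SizeT len = 30 + VG_(strlen)(arg); HChar *buf = VG_(malloc)("cl.main.dump_stats_at", len);` with `VG_(snprintf)(buf, len, ...)` and `VG_(free)(buf)` after `CLG_(dump_profile)`. `arg` is also dereferenced without a NULL check; that predates the change, but `VG_(strlen)` now runs before anything else, so a guard such as `if (!arg) arg = "";` is cheap to add here. The `30` is the 16-byte prefix `"Client Request: "` plus NUL with slack, which is worth saying in place of `// large enough`. The enclosing switch and function extend beyond the hunk.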
diff --git a/callgrind/threads.c b/callgrind/threads.c
index 9c43271..023009f 100644
--- a/callgrind/threads.c
+++ b/callgrind/threads.c
@@ -179,7 +179,7 @@
 {
     /* check for dumps needed */
     static ULong bbs_done = 0;
-    static HChar buf[512];
+    HChar buf[50];   // large enough
 
     if (CLG_(clo).dump_every_bb >0) {
        if (CLG_(stat).bb_executions - bbs_done > CLG_(clo).dump_every_bb) {
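Review bot: The new `HChar buf[50]; // large enough` asserts a bound without enforcing it, and the write into `buf` that would justify 50 bytes is below the hunk, so the claim cannot be checked from here. Switching that write to `VG_(snprintf)(buf, sizeof buf, ...)` makes the comment redundant and turns any future growth of the format string into truncation instead of a stack overrun. Dropping `static` is only safe if nothing retains a pointer to `buf` after the function returns; the remainder of the function is outside the hunk, so that should be confirmed. The enclosing function starts before the hunk.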
diff --git a/coregrind/m_aspacemgr/aspacemgr-linux.c b/coregrind/m_aspacemgr/aspacemgr-linux.c
index 17f4ab0..c5ad4d9 100644
--- a/coregrind/m_aspacemgr/aspacemgr-linux.c
+++ b/coregrind/m_aspacemgr/aspacemgr-linux.c
@@ -1116,7 +1116,7 @@
 
 #     if 0
       {
-         HChar buf[100];
+         HChar buf[100];   // large enough
          VG_(am_show_nsegments)(0,"post syncheck failure");
          VG_(sprintf)(buf, "/bin/cat /proc/%d/maps", VG_(getpid)());
          VG_(system)(buf);
diff --git a/coregrind/m_gdbserver/server.c b/coregrind/m_gdbserver/server.c
index 7f2e5c9..85242f1 100644
--- a/coregrind/m_gdbserver/server.c
+++ b/coregrind/m_gdbserver/server.c
@@ -720,7 +720,6 @@
       unsigned long gdb_id;
       struct thread_info *ti;
       ThreadState *tst;
-      char status[100];
       
       gdb_id = strtoul (&arg_own_buf[17], NULL, 16);
       ti = gdb_id_to_thread (gdb_id);
@@ -728,6 +727,13 @@
          tst = (ThreadState *) inferior_target_data (ti);
          /* Additional info is the tid, the thread status and the thread's
             name, if any. */
+         SizeT len = strlen(VG_(name_of_ThreadStatus)(tst->status)) + 20;
+         if (tst->thread_name) len += strlen(tst->thread_name);
+         /* As the string will be hexified and copied into own_buf we need
+            to limit the length to avoid buffer overflow. */
+         if (len * 2 > (PBUFSIZ + POVERHSIZ))
+            len = (PBUFSIZ + POVERHSIZ) / 2;
+         char status[len];
          if (tst->thread_name) {
             VG_(snprintf) (status, sizeof(status), "tid %d %s %s",
                            tst->tid, 
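Review bot: The cap `if (len * 2 > (PBUFSIZ + POVERHSIZ)) len = (PBUFSIZ + POVERHSIZ) / 2;` assumes the hexified `status` is written from the start of `own_buf`; the hexify call is below the hunk, and if anything precedes it in `own_buf` the cap must also subtract that prefix or the overflow it guards against remains possible. The `+ 20` slack is a magic number standing for `"tid "`, up to 11 digits of `tst->tid`, two separators and the NUL; a comment such as `/* "tid " + 11-digit tid + 2 separators + NUL */` lets the next reader verify it, since `VG_(snprintf)` with `sizeof(status)` will silently truncate the thread name if the slack is ever wrong. `tst->thread_name` is presumably set by the client, so bounding the VLA through `len` before declaring it is the right move and should stay in front of the declaration. The enclosing function continues outside the hunk.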
diff --git a/coregrind/m_gdbserver/target.c b/coregrind/m_gdbserver/target.c
index e248228..4a738d2 100644
--- a/coregrind/m_gdbserver/target.c
+++ b/coregrind/m_gdbserver/target.c
@@ -43,7 +43,7 @@
 static
 char *image_ptid(unsigned long ptid)
 {
-  static char result[100];
+  static char result[50];    // large enough
   VG_(sprintf) (result, "id %ld", ptid);
   return result;
 }
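Review bot: `VG_(sprintf)` into the static `result[50]` still relies on the `// large enough` comment rather than a bound; `"id %ld"` needs at most 3 + 20 + 1 bytes, so 50 does suffice, but `VG_(snprintf)(result, sizeof result, "id %ld", ptid);` enforces it for free and makes the comment unnecessary. The function returns a pointer to a static buffer, so a second call overwrites the first result; that predates this change but deserves a line above the function, e.g. `/* Returns a pointer to a static buffer that is overwritten on each call. */`.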
diff --git a/coregrind/m_scheduler/scheduler.c b/coregrind/m_scheduler/scheduler.c
index c45b147..4faf001 100644
--- a/coregrind/m_scheduler/scheduler.c
+++ b/coregrind/m_scheduler/scheduler.c
@@ -267,8 +267,7 @@
 
 #if 0
    if (VG_(clo_trace_sched)) {
-      HChar buf[100];
-      vg_assert(VG_(strlen)(who) <= 100-50);
+      HChar buf[VG_(strlen)(who) + 30];
       VG_(sprintf)(buf, "waiting for lock (%s)", who);
       print_sched_event(tid, buf);
    }
@@ -298,8 +297,7 @@
    }
 
    if (VG_(clo_trace_sched)) {
-      HChar buf[150];
-      vg_assert(VG_(strlen)(who) <= 150-50);
+      HChar buf[VG_(strlen)(who) + 30];
       VG_(sprintf)(buf, " acquired lock (%s)", who);
       print_sched_event(tid, buf);
    }
@@ -328,10 +326,9 @@
    VG_(running_tid) = VG_INVALID_THREADID;
 
    if (VG_(clo_trace_sched)) {
-      HChar buf[200];
-      vg_assert(VG_(strlen)(who) <= 200-100);
-      VG_(sprintf)(buf, "releasing lock (%s) -> %s",
-                        who, VG_(name_of_ThreadStatus)(sleepstate));
+      const HChar *status = VG_(name_of_ThreadStatus)(sleepstate);
+      HChar buf[VG_(strlen)(who) + VG_(strlen)(status) + 30];
+      VG_(sprintf)(buf, "releasing lock (%s) -> %s", who, status);
       print_sched_event(tid, buf);
    }
 
diff --git a/coregrind/m_sigframe/sigframe-ppc32-linux.c b/coregrind/m_sigframe/sigframe-ppc32-linux.c
index 8731c4f..aae1d2f 100644
--- a/coregrind/m_sigframe/sigframe-ppc32-linux.c
+++ b/coregrind/m_sigframe/sigframe-ppc32-linux.c
@@ -107,7 +107,7 @@
    struct vki_sigcontext sigcontext;
    struct vki_mcontext mcontext;
    struct vg_sig_private priv;
-   unsigned char abigap[224];
+   unsigned char abigap[224];    // unused
 };
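Review bot: `// unused` on `abigap[224]` understates why the field exists: its size is part of the frame layout, so a reader who takes "unused" at face value and removes it changes `sizeof` of the frame and therefore where the signal frame lands on the stack. If, as the name suggests, this is an ABI-mandated gap that Valgrind never writes, say that instead, e.g. `/* ABI-mandated gap: never written by Valgrind, but its size is part of the frame layout -- do not remove */`. The same wording would serve the `rt_sigframe` field in the next hunk and the ppc64 counterpart.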
 
 /* Structure put on stack for signal handlers with SA_SIGINFO set. */
@@ -116,7 +116,7 @@
    vki_siginfo_t siginfo;
    struct vki_ucontext ucontext;
    struct vg_sig_private priv;
-   unsigned char abigap[224];
+   unsigned char abigap[224];    // unused
 };
 
 #define SET_SIGNAL_LR(zztst, zzval)                          \
diff --git a/coregrind/m_sigframe/sigframe-ppc64-linux.c b/coregrind/m_sigframe/sigframe-ppc64-linux.c
index 17a3c50..459d6b1 100644
--- a/coregrind/m_sigframe/sigframe-ppc64-linux.c
+++ b/coregrind/m_sigframe/sigframe-ppc64-linux.c
@@ -114,7 +114,7 @@
    void*                 puc;
    vki_siginfo_t         info;
    struct vg_sig_private priv;
-   UChar                 abigap[288];
+   UChar                 abigap[288];   // unused
 };
 
 #define SET_SIGNAL_LR(zztst, zzval)                          \
diff --git a/coregrind/m_signals.c b/coregrind/m_signals.c
index cf61137..508f315 100644
--- a/coregrind/m_signals.c
+++ b/coregrind/m_signals.c
@@ -1219,7 +1219,7 @@
 static
 HChar* format_sigset ( const vki_sigset_t* set )
 {
-   static HChar buf[128];
+   static HChar buf[_VKI_NSIG_WORDS * 16 + 1];
    int w;
 
    VG_(strcpy)(buf, "");
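Review bot: The new size `_VKI_NSIG_WORDS * 16 + 1` encodes an assumption about the per-word format in the loop below, which lies outside the hunk: at most 16 characters per word and no separators. That assumption should sit next to the declaration, e.g. `/* 16 hex digits per word (enough for 64-bit words) plus NUL; keep in step with the format used in the loop below */`, and the writes in the loop are better made with `VG_(snprintf)` against the remaining space so a change to the format cannot silently outgrow the buffer. The buffer is static and handed back to the caller, so two results cannot coexist and the function is not reentrant; that predates this change but belongs in the header comment. The function continues past the hunk.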
@@ -1647,7 +1647,7 @@
 	    }
 #if 0
             {
-              HChar buf[110];
+              HChar buf[50];  // large enough
               VG_(am_show_nsegments)(0,"post segfault");
               VG_(sprintf)(buf, "/bin/cat /proc/%d/maps", VG_(getpid)());
               VG_(system)(buf);
diff --git a/coregrind/vgdb-invoker-ptrace.c b/coregrind/vgdb-invoker-ptrace.c
index 1d43390..e9d1392 100644
--- a/coregrind/vgdb-invoker-ptrace.c
+++ b/coregrind/vgdb-invoker-ptrace.c
@@ -226,7 +226,7 @@
 static 
 char *status_image (int status)
 {
-   static char result[256];
+   static char result[256];  // large enough
    int sz = 0;
 #define APPEND(...) sz += snprintf (result+sz, 256 - sz - 1, __VA_ARGS__)
   
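Review bot: The `// large enough` comment on `result[256]` sits directly above a macro that turns a truncation into an overflow: `snprintf` returns the length the full output would have had, so once one `APPEND` truncates, `sz` passes 255, `256 - sz - 1` goes negative and converts to a huge `size_t`, and the next `APPEND` writes through `result + sz` past the end of the buffer. The size may well suffice for every status produced today, but the macro should clamp `sz` rather than trust that. A clamping version follows; `256` becomes `sizeof(result)` so the bound and the declaration cannot drift apart. The body of `status_image` continues past the hunk.
```c
   static char result[256];
   int sz = 0;
   /* Append to result, clamping sz so a truncated snprintf can never push
      the next write past the end of the buffer. */
#define APPEND(...)                                                        \
   do {                                                                    \
      int r_ = snprintf(result + sz, sizeof(result) - sz, __VA_ARGS__);    \
      if (r_ < 0 || (size_t)r_ >= sizeof(result) - sz)                     \
         sz = (int)sizeof(result) - 1;                                     \
      else                                                                 \
         sz += r_;                                                         \
   } while (0)
   /* ... unchanged: the APPEND calls that describe status ... */
```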
diff --git a/helgrind/libhb_core.c b/helgrind/libhb_core.c
index 1668df8..b146e0a 100644
--- a/helgrind/libhb_core.c
+++ b/helgrind/libhb_core.c
@@ -1089,7 +1089,7 @@
 static Bool is_sane_Descr_and_Tree ( UShort descr, SVal* tree ) {
    Word  i;
    UChar validbits = descr_to_validbits(descr);
-   HChar buf[128], buf2[128];
+   HChar buf[128], buf2[128];    // large enough
    if (validbits == 0)
       goto bad;
    for (i = 0; i < 8; i++) {