Date:      Fri, 06 Jul 2018 08:49:13 -0600
From:      Ian Lepore <ian@freebsd.org>
To:        Sean Bruno <sbruno@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r336031 - head/usr.bin/top
Message-ID:  <1530888553.57805.8.camel@freebsd.org>
In-Reply-To: <201807061322.w66DMjRG084523@repo.freebsd.org>
References:  <201807061322.w66DMjRG084523@repo.freebsd.org>

On Fri, 2018-07-06 at 13:22 +0000, Sean Bruno wrote:
> Author: sbruno
> Date: Fri Jul  6 13:22:44 2018
> New Revision: 336031
> URL: https://svnweb.freebsd.org/changeset/base/336031
> 
> Log:
>   r336028 changed next_msg to a char * from char [] of fixed size.  Change
>   2nd argument of vsnprintf() to get the strlen of next_msg so that the
>   appropriate size is used.
>   
>   Found with gcc.
>   
>   /usr.bin/top/display.c: In function 'new_message':
>   /usr.bin/top/display.c:963:31: error:
>   argument to 'sizeof' in 'vsnprintf' call is the same expression as the
>   destination; did you mean to provide an explicit length?
>   [-Werror=sizeof-pointer-memaccess]
>        vsnprintf(next_msg, sizeof(next_msg), msgfmt, args);
>   
>   Reviewed by:	daichi
> 
> Modified:
>   head/usr.bin/top/display.c
> 
> Modified: head/usr.bin/top/display.c
> ==============================================================================
> --- head/usr.bin/top/display.c	Fri Jul  6 12:44:48 2018	(r336030)
> +++ head/usr.bin/top/display.c	Fri Jul  6 13:22:44 2018	(r336031)
> @@ -960,7 +960,7 @@ new_message(int type, const char *msgfmt, ...)
>      va_start(args, msgfmt);
>  
>      /* first, format the message */
> -    vsnprintf(next_msg, sizeof(next_msg), msgfmt, args);
> +    vsnprintf(next_msg, strlen(next_msg), msgfmt, args);
>  
>      va_end(args);
>  
> 
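Review bot: `strlen(next_msg)` on the `+` line is not a buffer bound. It measures the string currently sitting in the buffer, so when next_msg holds an empty string the size argument is 0 and vsnprintf() stores nothing, and when it holds an earlier message the new one is cut off at that message's length rather than at the end of the allocation; with a heap pointer it can also read past the allocation if the buffer was never NUL-terminated. The gcc diagnostic quoted in the log is right that `sizeof(next_msg)` is only the size of a pointer, but the replacement has to be the number of bytes actually allocated for next_msg, recorded wherever the buffer is (re)allocated and passed here, e.g. `vsnprintf(next_msg, next_msg_size, msgfmt, args);` with a variable such as next_msg_size kept in step with every allocation.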

This fix is incorrect. The original commit that changed next_msg to a
pointer is probably flawed enough to revert and redevelop rather than
try a rolling set of bandaid fixes.

Whenever setup_buffer() creates a new buffer it will need to store the
size it allocated for use in this vsnprintf() call (and maybe other
places that write directly into next_msg without calling setup_buffer
to reallocate it first, I didn't look). The setup_buffer_bufsiz
variable isn't quite right as-is, because it doesn't include the
'addlen' value passed to setup_buffer().

-- Ian
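As an added C example, constructed here and not taken from the top(1) sources or the committed patch: a minimal heap message buffer that records its allocated size, as the reply proposes, with the strlen()-bounded write placed beside a write bounded by the recorded size. setup_buffer and addlen are the names used in the reply; next_msg_size and the two new_message_* variants are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration: a heap message buffer whose allocated
 * size is tracked beside the pointer (next_msg_size is hypothetical). */
static char *next_msg = NULL;
static size_t next_msg_size = 0;   /* bytes actually allocated */

/* Grow next_msg so it can hold 'addlen' more bytes, and record the
 * full size that was allocated, addlen included, for later writers. */
static void setup_buffer(size_t addlen) {
    size_t want = (next_msg ? strlen(next_msg) : 0) + addlen + 1;
    if (want > next_msg_size) {
        char *p = realloc(next_msg, want);
        if (p == NULL)
            abort();
        if (next_msg == NULL)
            p[0] = '\0';           /* fresh buffer starts empty */
        next_msg = p;
        next_msg_size = want;
    }
}

/* Broken variant (what the patch does): the length of the current
 * contents is used as the bound.  Returns what actually got stored. */
static size_t new_message_strlen(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    (void)vsnprintf(next_msg, strlen(next_msg), fmt, ap);
    va_end(ap);
    return strlen(next_msg);
}

/* Fixed variant: bound the write by the recorded allocation size. */
static size_t new_message_sized(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    (void)vsnprintf(next_msg, next_msg_size, fmt, ap);
    va_end(ap);
    return strlen(next_msg);
}
```

With an empty buffer the strlen-bounded call stores nothing at all, and with an older message in place it truncates the new one at the old length; the size-bounded call stores the whole message as long as the allocation holds it.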
