From: Roland McGrath Date: Wed, 2 Feb 2005 03:38:32 +0000 (+0000) Subject: 2005-02-01 Roland McGrath X-Git-Tag: v4.5.18~458 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=883567c1cc695df21e7d02eaa27f4618423a3091;p=strace 2005-02-01 Roland McGrath * file.c (print_xattr_val): Don't use auto array sized by syscall argument. Use malloc instead, so it can fail for insane values. Fixes Debian bug #283704. --- diff --git a/file.c b/file.c index 66862065..3960afbc 100644 --- a/file.c +++ b/file.c @@ -2343,30 +2343,38 @@ print_xattr_val(tcp, failed, arg, insize, size) struct tcb *tcp; int failed; unsigned long arg; -size_t size; -{ - unsigned char buf[4 * size + 1]; - if (!failed && umoven(tcp, arg, size, &buf[3 * size]) >= 0) { - unsigned char *out = buf; - unsigned char *in = &buf[3 * size]; - size_t i; - for (i = 0; i < size; ++i) - if (isprint(in[i])) - *out++ = in[i]; - else { +long insize, size; +{ + if (!failed) { + unsigned char *buf = malloc(4 * size + 1); + if (buf == NULL || /* probably a bogus size argument */ + umoven(tcp, arg, size, &buf[3 * size]) < 0) { + failed = 1; + } + else { + unsigned char *out = buf; + unsigned char *in = &buf[3 * size]; + size_t i; + for (i = 0; i < size; ++i) + if (isprint(in[i])) + *out++ = in[i]; + else { #define tohex(n) "0123456789abcdef"[n] - *out++ = '\\'; - *out++ = 'x'; - *out++ = tohex(in[i] / 16); - *out++ = tohex(in[i] % 16); - } - /* Don't print terminating NUL if there is one. */ - if (in[i - 1] == '\0') - out -= 4; - *out = '\0'; - tprintf(", \"%s\", %zd", buf, insize); - } else - tprintf(", 0x%lx, %zd", arg, insize); + *out++ = '\\'; + *out++ = 'x'; + *out++ = tohex(in[i] / 16); + *out++ = tohex(in[i] % 16); + } + /* Don't print terminating NUL if there is one. */ + if (in[i - 1] == '\0') + out -= 4; + *out = '\0'; + tprintf(", \"%s\", %ld", buf, insize); + } + free(buf); + } + if (failed) + tprintf(", 0x%lx, %ld", arg, insize); } int