zrzk
/
px4_autopilot
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

fix px4_log.c: avoid potential buffer overflow 

The buffer length given to snprintf() is unsigned, so we must check for
an overflow after each call.

This happend for very long printf's (module documentation)
sbg
Beat Küng 7 years ago committed by Lorenz Meier
parent
d90ac975a7
commit
7359f44835
1 changed files with 23 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      src/platforms/common/px4_log.c

23
src/platforms/common/px4_log.c
Unescape View File

@ -106,22 +106,39 @@ __EXPORT void px4_log_modulename(int level, const char *moduleName, const char * @@ -106,22 +106,39 @@ __EXPORT void px4_log_modulename(int level, const char *moduleName, const char *
if (is_atty) { pos += snprintf(buffer + pos, max_length - pos, "%s", __px4_log_level_color[level]); }
if (pos >= max_length) { return; }
pos += snprintf(buffer + pos, max_length - pos, __px4__log_level_fmt __px4__log_level_arg(level));
if (pos >= max_length) { return; }
if (is_atty) { pos += snprintf(buffer + pos, max_length - pos, "%s", PX4_ANSI_COLOR_GRAY); }
if (pos >= max_length) { return; }
pos += snprintf(buffer + pos, max_length - pos, __px4__log_modulename_pfmt, moduleName);
va_list argptr;
if (pos >= max_length) { return; }
if (is_atty) { pos += snprintf(buffer + pos, max_length - pos, "%s", __px4_log_level_color[level]); }
if (pos >= max_length) { return; }
va_start(argptr, fmt);
pos += vsnprintf(buffer + pos, max_length - pos, fmt, argptr);
if (pos >= max_length) { return; }
va_end(argptr);
pos += snprintf(buffer + pos, max_length - pos, "\n");
if (pos >= max_length) { return; }
if (is_atty) { pos += snprintf(buffer + pos, max_length - pos, "%s", PX4_ANSI_COLOR_RESET); }
if (pos >= max_length) { return; }
// +1 for the terminating 0 char.
send_stdout_pipe_buffer(pos + 1);
}
@ -197,12 +214,18 @@ __EXPORT void px4_log_raw(int level, const char *fmt, ...) @@ -197,12 +214,18 @@ __EXPORT void px4_log_raw(int level, const char *fmt, ...)
if (is_atty) { pos += snprintf(buffer + pos, max_length - pos, "%s", __px4_log_level_color[level]); }
if (pos >= max_length) { return; }
va_start(argptr, fmt);
pos += vsnprintf(buffer + pos, max_length - pos, fmt, argptr);
va_end(argptr);
if (pos >= max_length) { return; }
if (is_atty) { pos += snprintf(buffer + pos, max_length - pos, "%s", PX4_ANSI_COLOR_RESET); }
if (pos >= max_length) { return; }
// +1 for the terminating 0 char.
send_stdout_pipe_buffer(pos + 1);
}

Write Preview
Loading…
Cancel
Save