Skip to content

Commit

Permalink
Fix stack use-after-scope in async_safe_log.
Browse files Browse the repository at this point in the history 
The buffer filled in by strerror_r needs to stay in scope while
it is pointed to by str.

Bug: 273807460
Change-Id: I494ca8b8aca2b28ec2f0f3da72d845db99633553
  • Loading branch information
@pcc @basamaryan
pcc authored and basamaryan committed Jul 24, 2023
1 parent 8a5c6b1 commit 6573263
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions libc/async_safe/async_safe_log.cpp
View file
Expand Up @@ -345,6 +345,7 @@ static void out_vformat(Out& o, const char* format, va_list args) {

/* conversion specifier */
const char* str = buffer;
char strerror_buf[256];
if (c == 's') {
/* string */
str = va_arg(args, const char*);
Expand All @@ -359,8 +360,7 @@ static void out_vformat(Out& o, const char* format, va_list args) {
buffer[1] = 'x';
format_integer(buffer + 2, sizeof(buffer) - 2, value, 'x');
} else if (c == 'm') {
char buf[256];
str = strerror_r(errno, buf, sizeof(buf));
str = strerror_r(errno, strerror_buf, sizeof(strerror_buf));
} else if (c == 'd' || c == 'i' || c == 'o' || c == 'u' || c == 'x' || c == 'X') {
/* integers - first read value from stack */
uint64_t value;
Expand Down

0 comments on commit 6573263

Please sign in to comment.