Skip to content

Commit

Permalink
Fix segfault calling YGJNILogFunc (#1344)
Browse files Browse the repository at this point in the history 
Summary:
X-link: facebook/react-native#39051

Pull Request resolved: #1344

`YGJNILogFunc` has a bug where it uses a `va_list` to determine the length of a printf string, then reuses the same `va_list` later after it has already been iterated through. Even if no arguments are present, this may cause a crash looking something like:

```
C  [libsystem_platform.dylib+0xf12]  _platform_strlen+0x12
C  [libsystem_c.dylib+0x31bf]  __vfprintf+0x1339
C  [libsystem_c.dylib+0x307ce]  _vsnprintf+0x100
C  [libsystem_c.dylib+0x6965]  vsnprintf+0x44
C  [libyoga.dylib+0x5161]  YGJNILogFunc(YGConfig*, YGNode*, YGLogLevel, void*, char const*, __va_list_tag*)+0x59
```

Fixing this fixes crashing unit tests which are not explicitly disabled.

Reviewed By: yungsters

Differential Revision: D48388548

fbshipit-source-id: 492e7a89aeb5f9d15485ce31641875a295356bef
  • Loading branch information
@NickGerleman @facebook-github-bot
NickGerleman authored and facebook-github-bot committed Aug 18, 2023
1 parent 910adaa commit 38ad93c
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion java/jni/YGJNIVanilla.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,9 @@ static int YGJNILogFunc(
void* /*layoutContext*/,
const char* format,
va_list args) {
int result = vsnprintf(NULL, 0, format, args);
va_list argsCopy;
va_copy(argsCopy, args);
int result = vsnprintf(nullptr, 0, format, argsCopy);
std::vector<char> buffer(1 + result);
vsnprintf(buffer.data(), buffer.size(), format, args);

Expand Down

0 comments on commit 38ad93c

Please sign in to comment.