diff --git a/doc/xml/release.xml b/doc/xml/release.xml
index 108b6130d5..4ced0f62b8 100644
--- a/doc/xml/release.xml
+++ b/doc/xml/release.xml
@@ -14,6 +14,16 @@
+
+
+
+
+
+
+

Fix potential buffer overrun in error message handling.

+
+
+
diff --git a/src/common/error.c b/src/common/error.c
index 2855083aa4..92161914af 100644
--- a/src/common/error.c
+++ b/src/common/error.c
@@ -387,7 +387,9 @@ errorInternalThrow(const ErrorType *errorType, const char *fileName, const char
 errorContext.error.fileLine = fileLine;
 // Assign message to the error
- strcpy(messageBuffer, message);
+ strncpy(messageBuffer, message, sizeof(messageBuffer));
+ messageBuffer[sizeof(messageBuffer) - 1] = 0;
+ errorContext.error.message = (const char *)messageBuffer;
 // Generate the stack trace for the error
diff --git a/test/src/module/common/errorTest.c b/test/src/module/common/errorTest.c
index 49b6e92baf..143c6b767f 100644
--- a/test/src/module/common/errorTest.c
+++ b/test/src/module/common/errorTest.c
@@ -122,7 +122,10 @@ testRun()
 assert(errorTryDepth() == 4);
 tryDone = true;
- THROW(AssertError, BOGUS_STR);
+ char bigMessage[sizeof(messageBuffer) * 32];
+ memset(bigMessage, 'A', sizeof(bigMessage));
+
+ THROW(AssertError, bigMessage);
 }
 TRY_END();
 }
@@ -151,6 +154,7 @@ testRun()
 {
 assert(errorTryDepth() == 1);
 assert(errorContext.tryList[1].state == errorStateCatch);
+ assert(strlen(errorMessage()) == sizeof(messageBuffer) - 1);
 catchDone = true;
 }
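Review bot: The bounded copy in errorInternalThrow now truncates an over-long message silently, yet the comment above it still says only `// Assign message to the error`, so nothing records that truncation is intended or why the explicit terminator follows. I would reword it to `// Assign message to the error, truncating to the buffer size (strncpy does not terminate a truncated copy)`. The bound `sizeof(messageBuffer)` is only correct while `messageBuffer` is an array visible at this point; its declaration is outside the hunk, so that is worth confirming. strncpy also zero-fills the rest of the buffer on every throw, which `snprintf(messageBuffer, sizeof(messageBuffer), "%s", message);` would avoid while bounding and terminating in one call. The function body starts and ends outside the hunk.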
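Review bot: `bigMessage` in the first errorTest.c hunk is filled end to end with 'A' and never NUL-terminated, so the array handed to `THROW(AssertError, bigMessage)` is not a valid C string. The test passes only because the new strncpy stops after `sizeof(messageBuffer)` bytes; any step on the throw path that took strlen() of the message or formatted it with `%s` would read past the end of the array. Terminate it after the fill with `bigMessage[sizeof(bigMessage) - 1] = 0;`. The array is also 32 times the error buffer on the stack, which may be large depending on the buffer size (not visible here); a factor of 2 would exercise the same truncation. The enclosing TRY block starts outside the hunk.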