out of bound access #4636

parihaaraka · 2019-11-21T09:58:32Z

Line 176 in 9fba29a

*p = '\0';

snprintf man:

Returns the number of characters that would have been written if n had been sufficiently large, not counting the terminating null character.

(p > end ? *end : *p) = '\0'; ? Or reallocate and adapt the code to capture all the output in.

The text was updated successfully, but these errors were encountered:

parihaaraka · 2019-11-22T22:54:17Z

this is about:

#0  0x52da49 in print_backtrace+9
#1  0x50ff59 in tarantool_panic_handler+29
#2  0x554b83 in lj_err_throw+73
#3  0x554dbb in lj_err_mem+3b
#4  0x5547d4 in lj_mem_realloc+44
#5  0x5571da in lj_tab_resize+26a
#6  0x557422 in rehashtab+202
#7  0x5574e1 in lj_tab_newkey+71
#8  0x13f5ad30 in +71
2019-10-31 15:40:48.376 [1] main/127/ C> not enough memory
2019-10-31 15:40:48.376 [1] main/127/ C> #2 strsplit (upvalue), /opt/tarantool/luaunit.lua:240
2019-10-31 15:40:48.376 [1] main/127/ C> #3 stripLuaunitTrace (upvalue), /opt/tarantool/luaunit.lua:398
2019-10-31 15:40:48.376 [1] main/127/ C> #4 protectedCall (method), /opt/tarantool/luaunit.lua:2781
2019-10-31 15:40:48.376 [1] main/127/ C> #5 execOneFunction (method), /opt/tarantool/luaunit.lua:2828
2019-10-31 15:40:48.376 [1] main/127/ C> #6 runSuiteByInstances (method), /opt/tarantool/luaunit.lua:2943
2019-10-31 15:40:48.376 [1] main/127/ C> #7 runSuiteByNames (method), /opt/tarantool/luaunit.lua:3007

It looks like the problem is fixed with the suggested small workaround.

snrpintf always null-terminates the passed string, and it also returns the number of bytes that "would have been written if there was enough space", so not only we don't have to null-terminate the string, but even more so we shouldn't do it erroneously. Closes #4636

snrpintf always null-terminates the passed string, and it also returns the number of bytes that "would have been written if there was enough space", so not only we don't have to null-terminate the string, but even more so we shouldn't do it erroneously. The only case when a string should be null-terminated manually is when the print cycle doesn't run at all, so move the termination before the cycle. Closes #4636

snrpintf always null-terminates the passed string, and it also returns the number of bytes that "would have been written if there was enough space", so not only we don't have to null-terminate the string, but even more so we shouldn't do it erroneously. The only case when a string should be null-terminated manually is when the print cycle doesn't run at all, so move the termination before the cycle. Closes #4636 (cherry picked from commit 2066f29)

sergepetrenko self-assigned this Nov 29, 2019

sergepetrenko added the bug Something isn't working label Nov 29, 2019

kyukhin added this to the 1.10.5 milestone Nov 30, 2019

sergepetrenko added the ready for review label Dec 6, 2019

kyukhin closed this as completed in 2066f29 Dec 10, 2019

sergepetrenko removed the ready for review label Dec 10, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

out of bound access #4636

out of bound access #4636

parihaaraka commented Nov 21, 2019

parihaaraka commented Nov 22, 2019

out of bound access #4636

out of bound access #4636

Comments

parihaaraka commented Nov 21, 2019

parihaaraka commented Nov 22, 2019