commit 5869dedfc08dd385b3672b51becbb713f5c8931a
author florian <florian@a5019735-40e9-0310-863c-91ae7b9d1cf9> Tue Jan 29 04:25:45 2013 +0000
committer florian <florian@a5019735-40e9-0310-863c-91ae7b9d1cf9> Tue Jan 29 04:25:45 2013 +0000
tree ebf252ae359b0ff4fc63d749cfa2b7a0f47bcdda
parent 5686b2d7e97a6f65e436531dac999a52a3d3dac9

Fix a buffer overflow in VG_(assert_fail).
Patch by Matthias Schwarzott (zzam@gentoo.org) with some minor mods.
Fixes BZ 313811


git-svn-id: svn://svn.valgrind.org/valgrind/trunk@13274 a5019735-40e9-0310-863c-91ae7b9d1cf9

coregrind/m_libcassert.c

diff --git a/coregrind/m_libcassert.c b/coregrind/m_libcassert.c
index 8e555f1..c38fe84 100644
--- a/coregrind/m_libcassert.c
+++ b/coregrind/m_libcassert.c
@@ -271,9 +271,10 @@
                         Int line, const HChar* fn, const HChar* format, ... )
 {
    va_list vargs;
-   HChar buf[256];
+   HChar buf[512];
    const HChar* component;
    const HChar* bugs_to;
+   UInt written;
 
    static Bool entered = False;
    if (entered) 
@@ -281,9 +282,14 @@
    entered = True;
 
    va_start(vargs, format);
-   VG_(vsprintf) ( buf, format, vargs );
+   written = VG_(vsnprintf) ( buf, sizeof(buf), format, vargs );
    va_end(vargs);
 
+   if (written >= sizeof(buf)) {
+      VG_(printf)("\nvalgrind: %s: buf is too small, sizeof(buf) = %u, "
+                  "written = %d\n", __func__, (unsigned)sizeof(buf), written);
+   }
+
    if (isCore) {
       component = "valgrind";
       bugs_to   = VG_BUGS_TO;