author | Roland McGrath <roland@redhat.com> | 2005-06-01 19:22:06 +0000 |
---|---|---|
committer | Roland McGrath <roland@redhat.com> | 2005-06-01 19:22:06 +0000 |
commit | aa524c88c49814863cb7f19e5c8a8eeca6ce22fe (patch) | |
tree | a2990277e60e1f07e3ffee8e7d0fe0ff42944531 /io.c | |
parent | b422e0d47dd81daa7d7df359f1237c7aaea173cb (diff) | |
2005-05-31 Dmitry V. Levin <ldv@altlinux.org>
Deal with memory management issues.
* defs.h (tprint_iov): Update prototype.
* desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate
epoll_event array of arbitrary size on the stack, to avoid
stack overflow.
* file.c (print_xattr_val): Check for integer overflow during
malloc size calculation, to avoid heap corruption.
* io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow
during malloc size calculation, to avoid heap corruption.
Change iovec array handling to avoid heap memory allocation.
* mem.c (get_nodes) [LINUX]: Check for integer overflow during
size calculation and do not allocate array of arbitrary size on
the stack, to avoid stack overflow.
* net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of
arbitrary size on the stack, to avoid stack overflow. Do not
trust cmsg.cmsg_len to avoid read beyond the end of allocated
object.
(printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage.
* process.c (sys_setgroups): Check for integer overflow during
malloc size calculation, to avoid heap corruption. Change gid_t
array handling to avoid heap memory allocation.
(sys_getgroups): Likewise.
(sys_setgroups32) [LINUX]: Likewise.
(sys_getgroups32) [LINUX]: Likewise.
* stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer
overflow during malloc size calculation, to avoid heap corruption.
Change pollfd array handling to avoid heap memory allocation.
* system.c (sys_sysctl) [LINUX]: Check for integer overflow
during malloc size calculation, to avoid heap corruption.
* util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow
during malloc size calculation, to avoid heap corruption.
Fixes RH#159196.
Diffstat (limited to 'io.c')
-rw-r--r-- | io.c | 54 |
1 files changed, 33 insertions, 21 deletions
@@ -78,38 +78,50 @@ struct tcb *tcp; void tprint_iov(tcp, len, addr) struct tcb * tcp; -int len; -long addr; +unsigned long len; +unsigned long addr; { - struct iovec *iov; - int i; - + struct iovec iov; + unsigned long size, cur, end, abbrev_end; + int failed = 0; if (!len) { tprintf("[]"); return; } - - if ((iov = (struct iovec *) malloc(len * sizeof *iov)) == NULL) { - fprintf(stderr, "No memory"); + size = len * sizeof(iov); + end = addr + size; + if (!verbose(tcp) || size / sizeof(iov) != len || end < addr) { + tprintf("%#lx", addr); return; } - if (umoven(tcp, addr, - len * sizeof *iov, (char *) iov) < 0) { - tprintf("%#lx", tcp->u_arg[1]); + if (abbrev(tcp)) { + abbrev_end = addr + max_strlen * sizeof(iov); + if (abbrev_end < addr) + abbrev_end = end; } else { - tprintf("["); - for (i = 0; i < len; i++) { - if (i) - tprintf(", "); - tprintf("{"); - printstr(tcp, (long) iov[i].iov_base, - iov[i].iov_len); - tprintf(", %lu}", (unsigned long)iov[i].iov_len); + abbrev_end = end; + } + tprintf("["); + for (cur = addr; cur < end; cur += sizeof(iov)) { + if (cur > addr) + tprintf(", "); + if (cur >= abbrev_end) { + tprintf("..."); + break; + } + if (umoven(tcp, cur, sizeof iov, (char *) &iov) < 0) { + tprintf("?"); + failed = 1; + break; } - tprintf("]"); + tprintf("{"); + printstr(tcp, (long) iov.iov_base, iov.iov_len); + tprintf(", %lu}", (unsigned long)iov.iov_len); } - free((char *) iov); + tprintf("]"); + if (failed) + tprintf(" %#lx", addr); } int |
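Review bot: In the `abbrev(tcp)` branch, the product `max_strlen * sizeof(iov)` is not checked the way `len * sizeof(iov)` is a few lines earlier; `abbrev_end < addr` only catches wrap-around of the final addition. If the product itself wraps (the type and range of `max_strlen` are not visible in this hunk), `abbrev_end` can land anywhere between `addr` and `end`, and the list is cut off with `...` earlier than the limit asks for. Reads stay bounded by `end` and the single on-stack `iov`, so this looks like an output-accuracy issue rather than a memory-safety one. Comparing element counts instead of addresses avoids the unchecked multiplication: `abbrev_end = (max_strlen < len) ? addr + max_strlen * sizeof(iov) : end;`, which is safe because the `size` and `end` checks have already passed at that point. A one-line comment above the loop noting that `len`, `addr` and every `iov` read come from the traced process would also make the reason for these checks clear to later readers.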