Nп/п : 42 из 100
От : Alexey Khromov 2:5030/723 31 мар 25 13:24:52
К : Stas Mishchenkov 31 мар 25 13:36:01
Тема : GoldEd, nodelist, buffer overflow
----------------------------------------------------------------------------------
@MSGID: 2:5030/723 67ea6e6f
@REPLY: 2:460/5858 67ea613e
@CHRS: CP866 2
@TZUTC: 0300
Здраствуйте, Stas!
31 мар 25 12:32, Stas Mishchenkov -> Vladimir Fyodorov:
SM> Hi Vladimir!
SM> 30 Mar 25 18:49, Vladimir Fyodorov -> Stas Mishchenkov:
VF>>>> === Пят 28 Маp 25, GoldED+/OSX 1.1.5-b20240309 (Apr 9 2024
VF>>>> 09:43:22) ! 12:57:50 Memory error at [genode.cpp,196]. !
VF>>>> 12:57:50 gsprintf(buffer,80,%s%s%s%s,...): buffer overflow
VF>>>> (need 85 bytes). === Слишком длинная строчка получается, не
VF>>>> влезает в 80 символов? Ну так может, лучше как-то обрезать её,
VF>>>> чем вообще не показывать?
SM>>> Вроде бы лечили уже. Попробуй обновиться.
Недолечили.
Нашел следующее:
gstrutil.cpp
# elif defined HAVE_VSNPRINTF // C99 and above
ret = vsnprintf(buffer, sizeOfBuffer, format, argptr);
if (ret < 0) // Until glibc 2.0.6 vsnprintf() would return -1
when the output was truncated.
{
LOG.errtest(__file, __line);
char * errstring = strerror(errno);
LOG.printf("! gsprintf(buffer,%i,%s,...): vsnprintf() error: "%s".",
sizeOfBuffer, format, errstring);
if ( strcmp(errstring, "Invalid or incomplete multibyte or wide
character")==0 )
{
LOG.printf("! Possible reason: you don`t set locale properly");
}
TestErrorExit();
}
else if (ret >= sizeOfBuffer) **<- здесь как раз строка обрезана**
{
if (sizeOfBuffer>17) strcpy(buffer, " ERROR, see log! "); __<- но
мы выдаем ошибку вместо обрезка__
else if (sizeOfBuffer>7) strcpy(buffer," ERROR ");
else buffer[sizeOfBuffer-1] = `\0`;
LOG.printf("! %s", gerrinfo("Memory error", __file, __line));
LOG.printf("! gsprintf(buffer,%i,%s,...): buffer overflow (need %i
bytes).", sizeOfBuffer, format, ret);
}
# else
# error Please look C library of your compiler for function like
vsnprintf, what do not write more than size bytes into string.
# endif
va_end(argptr);
И кусок man 3 vsnprintf:
The functions snprintf() and vsnprintf() do not write more than size
bytes (including the terminating null byte
(`\0`)). If the output was truncated due to this limit, then the
return value is the number of characters (ex
cluding the terminating null byte) which would have been written
to the final string if enough space had been
available. Thus, a return value of size or more means that the
output was truncated. (See also below under
CAVEATS.)
If an output error is encountered, a negative value is returned.
Попробую потестировать, КМК то самое место.
Alexey Khromov
--- GoldED+/LNX 1.1.5-b20240309
* Origin: - Вы в опасности! Вы окружены роботами! - (2:5030/723)
SEEN-BY: 46/49 50/109 104/117 221/6 240/1120 267/67
301/1 341/66 451/31
SEEN-BY: 452/28 166 455/19 460/16 58 256 1124
5858 461/58 463/68 877 1331
SEEN-BY: 466/50 469/15 4500/1 4600/140 4651/777
5000/111 5001/100 5015/42 46
SEEN-BY: 5019/40 400 5020/101 113 545 715 830 846
848 1042 2992 4441 5480
SEEN-BY: 5020/12000 5022/128 5029/32 5030/49 115
723 1081 1474 5049/1 3
SEEN-BY: 5050/151 5053/51 58 5054/30 89 5058/104
5060/900 5061/133 5068/45
SEEN-BY: 5083/1 444 6078/80 6090/1
@PATH: 5030/723 460/58 463/68 5020/1042 4441