Fix crash due to unbounded string copies

Fix crash due to buffer overruns. powertop does a lot of unsafe size-unchecked buffer copying. Fix the easy ones. Program received signal SIGABRT, Aborted. 0x00007ffff6513187 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); Missing separate debuginfos, use: zypper install libgcc_s1-gcc5-debuginfo-5.2.1+r228589-58.1.x86_64 libncurses5-debuginfo-5.9-52.2.3.x86_64 libnl3-200-debuginfo-3.2.25-2.1.2.x86_64 libpci3-debuginfo-3.2.1-3.1.2.x86_64 libstdc++6-gcc5-debuginfo-5.2.1+r228589-58.1.x86_64 libz1-debuginfo-1.2.8-5.1.2.x86_64 (gdb) up 78 raise (SIGABRT); (gdb) fmt=fmt@entry=0x7ffff6640608 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175 175 abort (); (gdb) at fortify_fail.c:31 31 __libc_message (2, "*** %s ***: %s terminated\n", (gdb) 28 __fortify_fail ("buffer overflow detected"); (gdb) at /usr/include/bits/string3.h:104 104 return __builtin___strcpy_chk (__dest, __src, __bos (__dest)); (gdb) at process/process.cpp:92 92 strcpy(comm, _comm); (gdb) ptyp comm type = char [16] (gdb) p comm $1 = "poempp_2.21_x86_" (gdb) ptyp _comm type = const char * (gdb) p _comm $2 = 0xa2d6504 "poempp_2.21_x86_\214x" (gdb) up at process/process.cpp:174 174 new_proc = new class process(comm, pid); (gdb) p pid $3 = 30860 (gdb) ^Z [1]+ Stopped gdb /usr/sbin/powertop 12:16 ares40:../powertop/powertop # cat /proc/30860/stat 30860 (poempp_2.21_x86_64-pc-linux-gnu) R 9998 9998 9998 0 -1 4218880 9662 0 0 0 29182 44 0 0 39 19 2 0 1014983782 39407616 9490 18446744073709551615 4194304 8385953 140720786688848 140720786687224 5358714 0 0 4096 1073751144 18446744073709551615 0 0 17 4 0 3 0 0 0 10484880 10516168 37695488 140720786693790 140720786693855 140720786693855 140720786694071 0 Avoid hardcoding magic values when sizeof can be used. Signed-off-by:Jan Engelhardt <jengelh@inai.de>
author: Nivedita Swaminathan <nivedita.swaminathan@intel.com> 2015-11-23 11:33:13 -0800
committer: Nivedita Swaminathan <nivedita.swaminathan@intel.com> 2015-11-23 13:55:12 -0800
commit: 53370d908764ab7924473cf07b8f9c56e28a1377 (patch)
tree: 39d4561b1ed01ed5835ba4c30452840671762679 /src/cpu/abstract_cpu.cpp
parent: e9a1846ef97e77fe2b0157c0bfbcf18e84d6646f (diff)
1 files changed, 9 insertions, 9 deletions
diff --git a/src/cpu/abstract_cpu.cpp b/src/cpu/abstract_cpu.cpp
index 17acb71..f419dbf 100644
--- a/src/cpu/abstract_cpu.cpp
+++ b/src/cpu/abstract_cpu.cpp
@@ -71,9 +71,9 @@ void abstract_cpu::account_freq(uint64_t freq, uint64_t duration)
 		state->freq = freq;
 		hz_to_human(freq, state->human_name);
 		if (freq == 0)
-			strcpy(state->human_name, _("Idle"));
+			pt_strcpy(state->human_name, _("Idle"));
 		if (is_turbo(freq, max_frequency, max_minus_one_frequency))
-			sprintf(state->human_name, _("Turbo Mode"));
+			pt_strcpy(state->human_name, _("Turbo Mode"));
 
 		state->after_count = 1;
 	}
@@ -112,7 +112,7 @@ void abstract_cpu::measurement_start(void)
 	old_idle = true;
 
 
-	snprintf(filename, PATH_MAX, "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_available_frequencies", number);
+	snprintf(filename, sizeof(filename), "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_available_frequencies", number);
 	file.open(filename, ios::in);
 	if (file) {
 		file >> max_frequency;
@@ -205,8 +205,8 @@ void abstract_cpu::insert_cstate(const char *linux_name, const char *human_name,
 
 	cstates.push_back(state);
 
-	strcpy(state->linux_name, linux_name);
-	strcpy(state->human_name, human_name);
+	pt_strcpy(state->linux_name, linux_name);
+	pt_strcpy(state->human_name, human_name);
 
 	state->line_level = -1;
 
@@ -337,7 +337,7 @@ void abstract_cpu::insert_pstate(uint64_t freq, const char *human_name, uint64_t
 	pstates.push_back(state);
 
 	state->freq = freq;
-	strcpy(state->human_name, human_name);
+	pt_strcpy(state->human_name, human_name);
 
 
 	state->time_before = duration;
@@ -446,12 +446,12 @@ void abstract_cpu::wiggle(void)
 
 	/* wiggle a CPU so that we have a record of it at the start and end of the perf trace */
 
-	snprintf(filename, PATH_MAX, "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_max_freq", first_cpu);
+	snprintf(filename, sizeof(filename), "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_max_freq", first_cpu);
 	ifile.open(filename, ios::in);
 	ifile >> maxf;
 	ifile.close();
 
-	snprintf(filename, PATH_MAX, "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_min_freq", first_cpu);
+	snprintf(filename, sizeof(filename), "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_min_freq", first_cpu);
 	ifile.open(filename, ios::in);
 	ifile >> minf;
 	ifile.close();
@@ -462,7 +462,7 @@ void abstract_cpu::wiggle(void)
 	ofile.open(filename, ios::out);
 	ofile << minf;
 	ofile.close();
-	snprintf(filename, PATH_MAX, "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_max_freq", first_cpu);
+	snprintf(filename, sizeof(filename), "/sys/devices/system/cpu/cpu%i/cpufreq/scaling_max_freq", first_cpu);
 	ofile.open(filename, ios::out);
 	ofile << minf;
 	ofile.close();
author	Nivedita Swaminathan <nivedita.swaminathan@intel.com>	2015-11-23 11:33:13 -0800
committer	Nivedita Swaminathan <nivedita.swaminathan@intel.com>	2015-11-23 13:55:12 -0800
commit	53370d908764ab7924473cf07b8f9c56e28a1377 (patch)
tree	39d4561b1ed01ed5835ba4c30452840671762679 /src/cpu/abstract_cpu.cpp
parent	e9a1846ef97e77fe2b0157c0bfbcf18e84d6646f (diff)