tor

The Tor anonymity network

commit f311d0676caad1c61a4dbf8fffbeb79003866903
parent c55591825fedb0fe1db92fab7b654ccc15ad50d3
Author: teor <teor@torproject.org>
Date:   Tue,  3 Sep 2019 15:50:37 +1000

backtrace: Check the return values of snprintf() and strncpy()

We can't use strlcat() or strlcpy() in torerr, because they are defined
in string/compat_string.h on some platforms, and string uses torerr.

Part of 31571.

Diffstat:
Msrc/lib/err/backtrace.c | 16++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
@@ -276,11 +276,23 @@ configure_backtrace_handler(const char *tor_version)
 char version[128] = "Tor\0";
 if (tor_version) {
- snprintf(version, sizeof(version), "Tor %s", tor_version);
+ int snp_rv = 0;
+ /* We can't use strlcat() here, because it is defined in
+ * string/compat_string.h on some platforms, and string uses torerr. */
+ snp_rv = snprintf(version, sizeof(version), "Tor %s", tor_version);
+ /* It's safe to call raw_assert() here, because raw_assert() does not
+ * call configure_backtrace_handler(). */
+ raw_assert(snp_rv < (int)sizeof(version));
+ raw_assert(snp_rv >= 0);
 }
- strncpy(bt_version, version, sizeof(bt_version) - 1);
+ char *str_rv = NULL;
+ /* We can't use strlcpy() here, see the note about strlcat() above. */
+ str_rv = strncpy(bt_version, version, sizeof(bt_version) - 1);
+ /* We must terminate bt_version, then raw_assert(), because raw_assert()
+ * uses bt_version. */
 bt_version[sizeof(bt_version) - 1] = 0;
+ raw_assert(str_rv == bt_version);
 return install_bt_handler();
 }
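Review bot: The added `raw_assert(str_rv == bt_version);` can never fail, because strncpy() always returns its destination pointer, so a truncated copy into bt_version still goes undetected. The snprintf() result is checked for truncation, but the second copy is safe only if bt_version is at least as large as the 128-byte `version` buffer, and its declaration is outside this hunk. A check that actually covers truncation would be `raw_assert(strlen(version) < sizeof(bt_version));`, placed after the terminating write, since the existing comment notes that raw_assert() reads bt_version. If the tautological assert is kept, a short comment stating that it only silences an unused-result warning would stop readers from mistaking it for a bounds check.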