This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH] libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc: Avoid writing '\0' out of string's border
- From: Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>
- To: Chen Gang <gang dot chen dot 5i5j at gmail dot com>
- Cc: Jakub Jelinek <jakub at redhat dot com>, Dodji Seketeli <dodji at redhat dot com>, Kostya Serebryany <kcc at google dot com>, Dmitry Vyukov <dvyukov at google dot com>, gcc-patches List <gcc-patches at gcc dot gnu dot org>, Jeff Law <law at redhat dot com>
- Date: Wed, 27 Aug 2014 15:51:26 -0700
- Subject: Re: [PATCH] libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc: Avoid writing '\0' out of string's border
- Authentication-results: sourceware.org; auth=none
- References: <53FE5EF6 dot 5030003 at gmail dot com>
[replying text only]
Hi Chen,
as per https://code.google.com/p/address-sanitizer/wiki/HowToContribute
all changes to libsanitizer, even such simple ones,
have to go through the LLVM tree first.
But, what makes you think there is a bug here?
The comment in sanitizer_common/sanitizer_common.h says:
// name should have space for at least max_len+1 bytes.
--kcc
On Wed, Aug 27, 2014 at 3:43 PM, Chen Gang <gang.chen.5i5j@gmail.com> wrote:
> 'max_len' is the maximum length of 'name', so writing '\0' to
> "name[max_len]" is out of the string's border; "max_len - 1" needs to be
> used instead.
>
> Passes the normal test suite: "configure && make && make check && compare".
> I guess, at present, it is not really used from outside, though.
>
> 2014-08-27 Chen Gang <gang.chen.5i5j@gmail.com>
>
> * sanitizer_common/sanitizer_linux_libcdep.cc
> (SanitizerGetThreadName): Avoid writing '\0' out of string's
> border
> ---
> libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc b/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc
> index e754b26..b9089d5 100644
> --- a/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc
> +++ b/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc
> @@ -140,7 +140,7 @@ bool SanitizerGetThreadName(char *name, int max_len) {
> if (prctl(PR_GET_NAME, (unsigned long)buff, 0, 0, 0)) // NOLINT
> return false;
> internal_strncpy(name, buff, max_len);
> - name[max_len] = 0;
> + name[max_len - 1] = 0;
> return true;
> #else
> return false;
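Review bot: The replacement line "name[max_len - 1] = 0;" writes to name[-1] when max_len is 0, and it drops the last character of a thread name that is exactly max_len bytes long, because the preceding internal_strncpy(name, buff, max_len) may fill all max_len bytes. The reply above quotes the contract from sanitizer_common.h ("name should have space for at least max_len+1 bytes"), and under that contract the original "name[max_len] = 0;" is in bounds. If the intent is to redefine max_len as the full buffer size, the header comment and every caller need to change in the same patch, and the function should reject max_len <= 0 before indexing; otherwise, check the callers' buffer sizes against the documented contract and leave this line as it is.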
> --
> 1.9.3