author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-06-09 13:41:44 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-06-11 10:04:10 +0200 |
commit | 21e4e3e06fb06dafda5a0d084824df79f07aeb46 (patch) | |
tree | a690e6b3cd88ade5eaa1ab7ea604f46bf671a291 /src/basic | |
parent | meson: add fuzz regressions to list (diff) | |
basic/ellipsize: do not assume the string is NUL-terminated when length is given
oss-fuzz flags this as:
==1==WARNING: MemorySanitizer: use-of-uninitialized-value
0. 0x7fce77519ca5 in ascii_is_valid systemd/src/basic/utf8.c:252:9
1. 0x7fce774d203c in ellipsize_mem systemd/src/basic/string-util.c:544:13
2. 0x7fce7730a299 in print_multiline systemd/src/shared/logs-show.c:244:37
3. 0x7fce772ffdf3 in output_short systemd/src/shared/logs-show.c:495:25
4. 0x7fce772f5a27 in show_journal_entry systemd/src/shared/logs-show.c:1077:15
5. 0x7fce772f66ad in show_journal systemd/src/shared/logs-show.c:1164:29
6. 0x4a2fa0 in LLVMFuzzerTestOneInput systemd/src/fuzz/fuzz-journal-remote.c:64:21
...
I didn't reproduce the issue, but this looks like an obvious error: the length
is specified, so we shouldn't use the string with any functions for normal
C-strings.
Diffstat (limited to 'src/basic')
-rw-r--r-- | src/basic/format-table.c | 2 | ||||
-rw-r--r-- | src/basic/string-util.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/basic/format-table.c b/src/basic/format-table.c index 582c5b86a4..e0bbb9717b 100644 --- a/src/basic/format-table.c +++ b/src/basic/format-table.c @@ -1174,7 +1174,7 @@ int table_print(Table *t, FILE *f) { if (l > width[j]) { /* Field is wider than allocated space. Let's ellipsize */ - buffer = ellipsize_mem(field, (size_t) -1, width[j], d->ellipsize_percent); + buffer = ellipsize(field, width[j], d->ellipsize_percent); if (!buffer) return -ENOMEM; diff --git a/src/basic/string-util.c b/src/basic/string-util.c index 7ea478883b..4c52c560a0 100644 --- a/src/basic/string-util.c +++ b/src/basic/string-util.c @@ -541,7 +541,7 @@ char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigne return strdup(""); /* If no multibyte characters use ascii_ellipsize_mem for speed */ - if (ascii_is_valid(s)) + if (ascii_is_valid_n(s, old_length)) return ascii_ellipsize_mem(s, old_length, new_length, percent); x = ((new_length - 1) * percent) / 100; |
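Review bot: In the format-table.c hunk, the replaced call passed `(size_t) -1` as `old_length`, and nothing in the commit message says why this caller has to change together with the `ascii_is_valid_n()` fix. The reason should be stated: once `old_length` is handed to `ascii_is_valid_n(s, old_length)`, a "length unknown" sentinel is no longer a usable argument to `ellipsize_mem()`. The diffstat shown is limited to `src/basic`, so it is worth confirming that no caller elsewhere still passes `(size_t) -1`, and adding an assertion or a comment at the top of `ellipsize_mem()` that `old_length` must be the real byte count of `s`.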
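Review bot: The string-util.c hunk changes the check at `if (ascii_is_valid_n(s, old_length))` without adding a regression test, and the commit message says the MemorySanitizer report was not reproduced. A unit test that calls `ellipsize_mem()` on a buffer with no terminating NUL and an explicit `old_length` would pin the behaviour down, preferably run under a sanitizer. Only the ASCII fast-path check is touched here, so the multibyte path that starts at `x = ((new_length - 1) * percent) / 100;` should also be checked to make sure it never reads past `old_length`.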