journal-upload: add asserts that snprintf does not return an error

LGMT complains: > The size argument of this snprintf call is derived from its return value, > which may exceed the size of the buffer and overflow. Let's make sure that r is non-negative. (This shouldn't occur unless the format string is borked, so let's just add an assert.) Then, let's reorder the comparison to avoid the potential overflow.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-10-02 12:46:31 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-10-02 15:36:24 +0200
commit: 91db8ed5b2e67abf738381a6ed6a05a8271498cd (patch)
tree: e3c5501ed5ecb6251bae228f5e3f10f09d5207e4 /src/journal-remote/journal-upload-journal.c
parent: pid1: remove unnecessary error reassignment (diff)
download: systemd-91db8ed5b2e67abf738381a6ed6a05a8271498cd.tar.xz
systemd-91db8ed5b2e67abf738381a6ed6a05a8271498cd.zip
1 files changed, 8 insertions, 4 deletions
diff --git a/src/journal-remote/journal-upload-journal.c b/src/journal-remote/journal-upload-journal.c
index 3991dcb7d2..205ce182a2 100644
--- a/src/journal-remote/journal-upload-journal.c
+++ b/src/journal-remote/journal-upload-journal.c
@@ -34,7 +34,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
 
                         r = snprintf(buf + pos, size - pos,
                                      "__CURSOR=%s\n", u->current_cursor);
-                        if (pos + r > size)
+                        assert(r >= 0);
+                        if ((size_t) r > size - pos)
                                 /* not enough space */
                                 return pos;
 
@@ -58,7 +59,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
 
                         r = snprintf(buf + pos, size - pos,
                                      "__REALTIME_TIMESTAMP="USEC_FMT"\n", realtime);
-                        if (r + pos > size)
+                        assert(r >= 0);
+                        if ((size_t) r > size - pos)
                                 /* not enough space */
                                 return pos;
 
@@ -83,7 +85,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
 
                         r = snprintf(buf + pos, size - pos,
                                      "__MONOTONIC_TIMESTAMP="USEC_FMT"\n", monotonic);
-                        if (r + pos > size)
+                        assert(r >= 0);
+                        if ((size_t) r > size - pos)
                                 /* not enough space */
                                 return pos;
 
@@ -108,7 +111,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
 
                         r = snprintf(buf + pos, size - pos,
                                      "_BOOT_ID=%s\n", sd_id128_to_string(boot_id, sid));
-                        if (r + pos > size)
+                        assert(r >= 0);
+                        if ((size_t) r > size - pos)
                                 /* not enough space */
                                 return pos;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2018-10-02 12:46:31 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2018-10-02 15:36:24 +0200
commit	91db8ed5b2e67abf738381a6ed6a05a8271498cd (patch)
tree	e3c5501ed5ecb6251bae228f5e3f10f09d5207e4 /src/journal-remote/journal-upload-journal.c
parent	pid1: remove unnecessary error reassignment (diff)
download	systemd-91db8ed5b2e67abf738381a6ed6a05a8271498cd.tar.xz systemd-91db8ed5b2e67abf738381a6ed6a05a8271498cd.zip