Commit e62391a7 authored by niteria, committed by Ben Gamari

[RTS] Harden against buffer overflow

This sprintf is safe thanks to the guarantees on the format strings that
we pass to it.  Well, almost. The GR_FILENAME_FMT_GUM format would not
have satisfied them if it was still used.

If someone makes a mistake, that's a potential privilege escalation,
so I think it's reasonable to switch to snprintf to protect against
that remote possibility.

Test Plan: it builds, CI

Reviewers: simonmar, bgamari, austin, erikd

Reviewed By: bgamari

Subscribers: rwbarton, thomie

Differential Revision: https://phabricator.haskell.org/D3944
parent 91262e75
......@@ -263,7 +263,6 @@ extern RTS_FLAGS RtsFlags;
#define STATS_FILENAME_MAXLEN 128
#define GR_FILENAME_FMT "%0.124s.gr"
#define GR_FILENAME_FMT_GUM "%0.120s.%03d.%s"
#define HP_FILENAME_FMT "%0.124s.hp"
#define LIFE_FILENAME_FMT "%0.122s.life"
#define PROF_FILENAME_FMT "%0.122s.prof"
......
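Review bot: The precisions in these format macros (124, 122, 120) are hand-derived from STATS_FILENAME_MAXLEN with nothing in the header tying them together, so a new or edited suffix can exceed the 128-byte buffer unnoticed. A comment above the block stating the invariant (precision plus suffix length plus one byte for the NUL must not exceed STATS_FILENAME_MAXLEN) would make that checkable at review time. GR_FILENAME_FMT_GUM as shown does not meet it: its trailing %s is unbounded and %03d is only a minimum width, which is the case the commit message calls out. Separately, the 0 flag in "%0.124s" has undefined behaviour for s conversions in ISO C; "%.124s" expresses the same limit portably.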
......@@ -1636,7 +1636,8 @@ openStatsFile (char *filename, // filename, or NULL
}
/* default <program>.<ext> */
char stats_filename[STATS_FILENAME_MAXLEN];
sprintf(stats_filename, filename_fmt, prog_name);
snprintf(stats_filename, STATS_FILENAME_MAXLEN, filename_fmt,
prog_name);
f = fopen(stats_filename,"w");
}
if (f == NULL) {
......
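Review bot: The return value of snprintf is discarded, so a truncated name goes straight to fopen(stats_filename,"w") and the RTS would create or overwrite a file other than the one intended. Consider treating a negative result or one >= STATS_FILENAME_MAXLEN as an error before the fopen, so the existing f == NULL path (or an explicit message) handles it. Passing sizeof(stats_filename) instead of repeating STATS_FILENAME_MAXLEN would also keep the bound tied to the declaration on the line above.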