[torquedev] [Bug 98] Allocation of incorrect pointer in src/scheduler.cc/samples/fifo/job_info.c: update_job_comment causes random crash.

bugzilla-daemon at supercluster.org bugzilla-daemon at supercluster.org
Thu Nov 11 06:09:14 MST 2010


http://www.clusterresources.com/bugzilla/show_bug.cgi?id=98

--- Comment #18 from Stephen Usher <steve at earth.ox.ac.uk> 2010-11-11 06:09:14 MST ---
Created an attachment (id=62)
 --> (http://www.clusterresources.com/bugzilla/attachment.cgi?id=62)
src/scheduler.cc/sample/fifo.c: sprintf() used unsafely with error messages
causing buffer overrun. Fix using snprintf().

Occasionally an error message is passed to run_update_job() which is far longer
than the default buffer size: 256 bytes.

Because there is no sanity checking of this string length it is blindly written
into the stack-based buffer, buf, causing stack corruption.

This patch parameterizes the size of the buffer (using a pre-processor
definition), increases it to 1024 bytes and hardens the copy of the message
into the buffer using snprintf() to limit the length of the string being
copied.

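The unbounded and bounded formatting patterns described in the comment above, as an added example; it is not the attached patch or TORQUE's own code. The macro name `COMMENT_BUF_SIZE`, the function names and the format string are assumptions made for illustration; only the sizes 256 and 1024 come from the comment.

```c
#include <stdio.h>
#include <string.h>

#define OLD_BUF_SIZE     256   /* original buffer size, per the bug comment */
#define COMMENT_BUF_SIZE 1024  /* hypothetical macro name; size per the patch description */
#define COMMENT_FMT "Not Running: %s"  /* constructed format string, not taken from fifo.c */

/* Bytes, including the terminating NUL, that an unbounded sprintf() would write. */
size_t bytes_needed(const char *errmsg)
{
    int n = snprintf(NULL, 0, COMMENT_FMT, errmsg);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Pre-fix pattern, for contrast only: safe only while bytes_needed() <= OLD_BUF_SIZE. */
void format_comment_unsafe(char buf[OLD_BUF_SIZE], const char *errmsg)
{
    sprintf(buf, COMMENT_FMT, errmsg);  /* no length limit */
}

/* Hardened pattern: bounded write, result is always NUL-terminated.
 * Returns 0 if the message fit, 1 if it was truncated, -1 if size is 0 or snprintf fails. */
int format_comment(char *buf, size_t size, const char *errmsg)
{
    int n;
    if (size == 0) return -1;
    n = snprintf(buf, size, COMMENT_FMT, errmsg);
    if (n < 0) { buf[0] = '\0'; return -1; }
    return (size_t)n >= size ? 1 : 0;
}

int main(void)
{
    char errmsg[601];            /* constructed oversized error message */
    char buf[COMMENT_BUF_SIZE];
    int rc;
    memset(errmsg, 'E', sizeof errmsg - 1);
    errmsg[sizeof errmsg - 1] = '\0';
    printf("sprintf would write %zu bytes into a %d-byte buffer\n",
           bytes_needed(errmsg), OLD_BUF_SIZE);
    rc = format_comment(buf, sizeof buf, errmsg);
    printf("snprintf into %zu bytes: rc=%d len=%zu\n", sizeof buf, rc, strlen(buf));
    return 0;
}
```

Checking the return value matters because a larger buffer only moves the limit: a message longer than the new size is truncated silently unless the caller looks at what snprintf() reports.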