[torquedev] [Bug 98] Allocation of incorrect pointer in src/scheduler.cc/samples/fifo/job_info.c: update_job_comment causes random crash.

bugzilla-daemon at supercluster.org
Thu Nov 11 06:45:57 MST 2010


http://www.clusterresources.com/bugzilla/show_bug.cgi?id=98

--- Comment #19 from Simon Toth <SimonT at mail.muni.cz> 2010-11-11 06:45:57 MST ---
(In reply to comment #18)
> Created an attachment (id=62)
 --> (http://www.clusterresources.com/bugzilla/attachment.cgi?id=62) [details]
> src/scheduler.cc/sample/fifo.c: sprintf() used unsafely with error messages
> causing buffer overrun. Fix using snprintf().
> 
> Occasionally an error message is passed to run_update_job() which is far longer
> than the default buffer size: 256 bytes.
> 
> Because there is no sanity checking of this string length it is blindly written
> into the stack-based buffer, buf, causing stack corruption.
> 
> This patch parameterizes the size of the buffer (using a pre-processor
> definition), increases it to 1024 bytes and hardens the copy of the message
> into the buffer using snprintf() to limit the length of the string being
> copied.

This patch looks good.

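Added example, not part of the original message or of attachment 62: a bounded copy of the kind the patch description calls for, which also reports truncation through snprintf()'s return value so an over-long error message is cut off detectably instead of silently. The names COMMENT_BUF_SIZE, format_job_comment and demo_oversized_message are hypothetical; only the 256-byte and 1024-byte sizes come from the report.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical name; the report says only that the size became a
 * pre-processor definition and was raised from 256 to 1024 bytes. */
#define COMMENT_BUF_SIZE 1024

/* The pattern described in the report, for comparison (not compiled):
 *     char buf[256];
 *     sprintf(buf, "%s", errmsg);    writes strlen(errmsg)+1 bytes, unbounded
 */

/* Bounded copy of an error message into a caller-supplied buffer.
 * Returns 0 if the whole message fit, 1 if it was truncated,
 * -1 on bad arguments or an output error. */
int format_job_comment(char *buf, size_t bufsize, const char *errmsg)
{
    int n;

    if (buf == NULL || bufsize == 0 || errmsg == NULL)
        return -1;
    n = snprintf(buf, bufsize, "%s", errmsg);
    if (n < 0)
        return -1;
    /* snprintf returns the length it wanted to write; a value >= bufsize
     * means the output was cut short (it is still NUL-terminated). */
    return ((size_t)n >= bufsize) ? 1 : 0;
}

/* Constructed input: a 4095-byte message, far longer than the buffer.
 * Returns the length of the string actually stored. */
size_t demo_oversized_message(void)
{
    char msg[4096];
    char buf[COMMENT_BUF_SIZE];

    memset(msg, 'E', sizeof(msg) - 1);
    msg[sizeof(msg) - 1] = '\0';
    if (format_job_comment(buf, sizeof(buf), msg) != 1)
        return 0;
    return strlen(buf);
}

int main(void)
{
    printf("stored %zu of 4095 bytes\n", demo_oversized_message());
    return 0;
}
```

Passing sizeof(buf) at the call site keeps the bound tied to the actual array even if the macro value changes later.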