[libvirt] [PATCH] logging: fix off-by-one bug
Eric Blake
eblake at redhat.com
Mon Mar 21 16:24:05 UTC 2011
On 03/21/2011 02:20 AM, Daniel Veillard wrote:
> On Fri, Mar 18, 2011 at 08:31:22PM -0600, Eric Blake wrote:
>> Valgrind caught that our log wrap-around was going 1 past the end.
>> Regression introduced in commit b16f47a; previously the
>> buffer was static and size+1 bytes, but now it is dynamic and
>> exactly size bytes.
>>
>> * src/util/logging.c (virLogStr): Don't write past end of log.
>> ---
>>
>> An alternative would be to malloc one larger; but since the log
>> is likely to be a page size multiple and large enough to be worth
>> malloc using mmap, going one larger is likely to waste the bulk
>> of a page. Also, I like always NUL-terminating the current end
>> of the log (without including that NUL in the log length).
>>
>> src/util/logging.c | 4 ++--
>> 1 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/util/logging.c b/src/util/logging.c
>> index b972f8a..f4910ad 100644
>> --- a/src/util/logging.c
>> +++ b/src/util/logging.c
>> @@ -326,7 +326,7 @@ static void virLogStr(const char *str, int len) {
>> return;
>> if (len <= 0)
>> len = strlen(str);
>> - if (len > virLogSize)
>> + if (len >= virLogSize)
>> return;
>> virLogLock();
>>
>> @@ -336,13 +336,13 @@ static void virLogStr(const char *str, int len) {
>> if (virLogEnd + len >= virLogSize) {
>> tmp = virLogSize - virLogEnd;
>> memcpy(&virLogBuffer[virLogEnd], str, tmp);
>> - virLogBuffer[virLogSize] = 0;
>> memcpy(&virLogBuffer[0], &str[tmp], len - tmp);
>> virLogEnd = len - tmp;
>> } else {
>> memcpy(&virLogBuffer[virLogEnd], str, len);
>> virLogEnd += len;
>> }
>> + virLogBuffer[virLogEnd] = 0;
>> /*
>> * Update the log length, and if full move the start index
>> */
>
> Well, I tend to prefer having a 0 at the end of character arrays
> in C, this can be useful for example when debugging, so slightly
> preferring one extra byte malloc for safety, either way not a big
> deal, but let's fix this,
I see two ways to do things - either malloc an extra byte (which will
always be NUL from the malloc, so deleting 'virLogBuffer[virLogSize] =
0' is still okay), or by touching the rest of the code to always leave
virLogBuffer[virLogSize-1] as NUL (more invasive, and caps the useful
log to virLogSize-1). Do you want me to prepare a followup patch, and
if so, for which of those two options?
>
> ACK
I went ahead and pushed this as-is to avoid the invalid write; we can do
further cleanup based on how we answer the above question if we want to
guarantee a NUL byte at the end of the array for debugging purposes.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110321/abbaebc0/attachment-0001.sig>
More information about the libvir-list
mailing list