author | Lutz Helwing <lutz_helwing@mentor.com> | 2016-03-22 11:24:33 +0100 |
---|---|---|
committer | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2016-04-22 10:57:04 +0200 |
commit | 568cafbfdd548f8221d43e50c044054a363a4315 (patch) | |
tree | af15344a2f767fdfa32a130687861ed7c8a24876 /src/lib | |
parent | 4a321d5e579014b79ad486b017d90f17483c671b (diff) | |
download | DLT-daemon-568cafbfdd548f8221d43e50c044054a363a4315.tar.gz |
Revert truncation of string or raw block
Commit d319ebf4d2d449d70befae0eebbdd82c19c5315f introduced new handling
of the situation when writing data to the user buffer would exceed its
size. This was achieved by truncating the data to fit. This solution had
a problem:
It could lead to a buffer overflow when the updated arg_size gets negative
(actually undefined value because it is unsigned).
As a quick fix the behaviour is reverted to the state before the
aforementioned commit.
Signed-off-by: Lutz Helwing <lutz_helwing@mentor.com>
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/dlt_user.c | 42 |
1 files changed, 16 insertions, 26 deletions
diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index 69fb1a4..4312047 100644
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -1404,9 +1404,8 @@ DltReturnValue dlt_user_log_write_raw(DltContextData *log, void *data, uint16_t
 DltReturnValue dlt_user_log_write_raw_formatted(DltContextData *log, void *data, uint16_t length, DltFormatType type)
 {
- uint16_t arg_size = 0;
- uint32_t type_info = 0;
 size_t new_log_size = 0;
+ uint32_t type_info = 0;
 // check nullpointer
 if (log == NULL || data == NULL)
@@ -1425,18 +1424,17 @@ DltReturnValue dlt_user_log_write_raw_formatted(DltContextData *log, void *data,
 return DLT_RETURN_ERROR;
 }
- arg_size = (uint16_t)length;
- new_log_size = log->size + arg_size + sizeof(uint16_t);
+ new_log_size = log->size + length + sizeof(uint16_t);
 if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
 if (dlt_user.verbose_mode)
 {
- new_log_size = log->size + arg_size + sizeof(uint32_t) + sizeof(uint16_t);
+ new_log_size = log->size + length + sizeof(uint32_t) + sizeof(uint16_t);
 if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
 /* Transmit type information */
 type_info = DLT_TYPE_INFO_RAWD;
@@ -1457,11 +1455,11 @@ DltReturnValue dlt_user_log_write_raw_formatted(DltContextData *log, void *data,
 }
 /* First transmit length of raw data, then the raw data itself */
- memcpy((log->buffer) + log->size, &(arg_size), sizeof(uint16_t));
+ memcpy((log->buffer) + log->size, &(length), sizeof(uint16_t));
 log->size += sizeof(uint16_t);
- memcpy((log->buffer) + log->size, data, arg_size);
- log->size += arg_size;
+ memcpy((log->buffer) + log->size, data, length);
+ log->size += length;
 log->args_num++;
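Review bot: In dlt_user_log_write_raw_formatted (second hunk) the new `return DLT_RETURN_ERROR;` drops an oversized argument whole, but nothing documents that and the return value is the same one the earlier failure paths use, so a caller cannot tell a rejected argument from any other error. In the visible lines both size checks run before the type info or the length field is written, so `log->buffer` and `log->size` appear to be left unchanged on this path; a comment above the first check would pin that contract: `/* Argument does not fit: reject it whole and leave log->buffer/log->size untouched */`. The same pair of checks recurs in dlt_user_log_write_string and dlt_user_log_write_utf8_string and wants the same comment. The check is only a real bound if DLT_USER_BUF_MAX_SIZE is the capacity of `log->buffer`, which is declared outside this diff; the function body also starts and ends outside the hunk.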
@@ -2237,14 +2235,14 @@ DltReturnValue dlt_user_log_write_string(DltContextData *log, const char *text)
 new_log_size = log->size + arg_size + sizeof(uint16_t);
 if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
 if (dlt_user.verbose_mode)
 {
 new_log_size = log->size + arg_size + sizeof(uint32_t) + sizeof(uint16_t);
 if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
 type_info = DLT_TYPE_INFO_STRG | DLT_SCOD_ASCII;
@@ -2255,12 +2253,8 @@ DltReturnValue dlt_user_log_write_string(DltContextData *log, const char *text)
 memcpy((log->buffer) + log->size, &(arg_size), sizeof(uint16_t));
 log->size += sizeof(uint16_t);
- memcpy((log->buffer) + log->size, text, arg_size - 1);
- log->size += arg_size - 1;
-
- /* Of course, buffer has to be 0-terminated here */
- log->buffer[log->size] = '\000';
- log->size++;
+ memcpy((log->buffer) + log->size, text, arg_size);
+ log->size += arg_size;
 log->args_num++;
@@ -2292,14 +2286,14 @@ DltReturnValue dlt_user_log_write_utf8_string(DltContextData *log, const char *t
 new_log_size = log->size + arg_size + sizeof(uint16_t);
 if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
 if (dlt_user.verbose_mode)
 {
 new_log_size = log->size + arg_size + sizeof(uint32_t) + sizeof(uint16_t);
 if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
 type_info = DLT_TYPE_INFO_STRG | DLT_SCOD_UTF8;
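Review bot: In dlt_user_log_write_string (second hunk on this line) the restored `memcpy((log->buffer) + log->size, text, arg_size);` no longer writes the terminator itself, so the stored payload ends in NUL only if `arg_size` is exactly the string length plus one. `arg_size` is assigned outside the hunk; if it is a `uint16_t` filled from `strlen(text) + 1`, as the `sizeof(uint16_t)` length field suggests, a text of 65535 bytes or more would wrap to a small value, pass both size checks and be stored as an unterminated fragment with a misleading length. Rejecting that case before the assignment closes it, e.g. `if (strlen(text) + 1 > UINT16_MAX) return DLT_RETURN_ERROR;`. The same applies to dlt_user_log_write_utf8_string in the last hunk; both function bodies start and end outside their hunks.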
@@ -2310,12 +2304,8 @@ DltReturnValue dlt_user_log_write_utf8_string(DltContextData *log, const char *t
 memcpy((log->buffer) + log->size, &(arg_size), sizeof(uint16_t));
 log->size += sizeof(uint16_t);
- memcpy((log->buffer) + log->size, text, arg_size - 1);
- log->size += arg_size - 1;
-
- /* Of course, buffer has to be 0-terminated here */
- log->buffer[log->size] = '\000';
- log->size++;
+ memcpy((log->buffer) + log->size, text, arg_size);
+ log->size += arg_size;
 log->args_num++; |