Message ID | 20250218164820.1458561-1-luiz.dentz@gmail.com |
---|---|
State | New |
Series | [BlueZ,v1] monitor: Fix crash due to negative max_len |
Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 18 Feb 2025 11:48:20 -0500 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> While calculating the max_len for printing the packet details that can
> come out negative, so this discards extra text if that happens otherwise
> it can cause the following error:
>
> Process terminating with default action of signal 6 (SIGABRT)
>   at 0x4A800F4: __pthread_kill_implementation (in /usr/lib64/libc.so.6)
>   by 0x4A26FDD: raise (in /usr/lib64/libc.so.6)
>   by 0x4A0E941: abort (in /usr/lib64/libc.so.6)
>   by 0x4A0F7A6: __libc_message_impl.cold (in /usr/lib64/libc.so.6)
>   by 0x4B0E3B8: __fortify_fail (in /usr/lib64/libc.so.6)
>   by 0x4B0DD53: __chk_fail (in /usr/lib64/libc.so.6)
>   by 0x4B0F544: __snprintf_chk (in /usr/lib64/libc.so.6)
>   by 0x11F3E6: snprintf (stdio2.h:68)
>
> [...]

Here is the summary with links:
  - [BlueZ,v1] monitor: Fix crash due to negative max_len
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=fdbfe0018f6f

You are awesome, thank you!
diff --git a/monitor/packet.c b/monitor/packet.c index 2eb50896b55b..b186431cf135 100644 --- a/monitor/packet.c +++ b/monitor/packet.c @@ -490,6 +490,14 @@ static void print_packet(struct timeval *tv, struct ucred *cred, char ident, int extra_len = extra ? strlen(extra) : 0; int max_len = col - len - extra_len - ts_len - 3; + /* Check if there is enough space for the text and the label, if + * there isn't then discard extra text since it won't fit. + */ + if (max_len <= 0) { + extra = NULL; + max_len = col - len - ts_len - 3; + } + n = snprintf(line + pos, max_len + 1, "%s%s", label ? ": " : "", text); if (n > max_len) {
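Review bot: the fallback inside `if (max_len <= 0)` recomputes `max_len = col - len - ts_len - 3` but never re-checks the result, so when `len + ts_len + 3` on its own exceeds `col` the value is still negative and the `snprintf(line + pos, max_len + 1, ...)` call in the trailing context is reached with the same kind of size that produced the `__chk_fail` abort quoted in the commit message. Consider clamping after the recompute (for example `if (max_len < 0) max_len = 0;`) or skipping the text output in that case. A smaller point on the same branch: `extra` is set to NULL while `extra_len` keeps its old value, so if anything after this hunk still reads `extra_len` it should be reset to 0 here as well.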
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

While calculating the max_len for printing the packet details that can
come out negative, so this discards extra text if that happens otherwise
it can cause the following error:

Process terminating with default action of signal 6 (SIGABRT)
  at 0x4A800F4: __pthread_kill_implementation (in /usr/lib64/libc.so.6)
  by 0x4A26FDD: raise (in /usr/lib64/libc.so.6)
  by 0x4A0E941: abort (in /usr/lib64/libc.so.6)
  by 0x4A0F7A6: __libc_message_impl.cold (in /usr/lib64/libc.so.6)
  by 0x4B0E3B8: __fortify_fail (in /usr/lib64/libc.so.6)
  by 0x4B0DD53: __chk_fail (in /usr/lib64/libc.so.6)
  by 0x4B0F544: __snprintf_chk (in /usr/lib64/libc.so.6)
  by 0x11F3E6: snprintf (stdio2.h:68)

---
 monitor/packet.c | 8 ++++++++
 1 file changed, 8 insertions(+)