diff --git a/tools/acrn-crashlog/acrnprobe/android_events.c b/tools/acrn-crashlog/acrnprobe/android_events.c index 471dffd38..ac7af923b 100644 --- a/tools/acrn-crashlog/acrnprobe/android_events.c +++ b/tools/acrn-crashlog/acrnprobe/android_events.c @@ -437,22 +437,24 @@ static void get_last_line_synced(const struct sender_t *sender) if (vm->last_synced_line_key[sid][0]) continue; - snprintf(vm_name, sizeof(vm_name), "%s ", vm->name); + ret = snprintf(vm_name, sizeof(vm_name), "%s ", vm->name); + if (s_not_expect(ret, sizeof(vm_name))) + continue; + ret = file_read_key_value_r(vmkey, sizeof(vmkey), sender->log_vmrecordid, vm_name, strnlen(vm_name, 32)); if (ret == -ENOENT) { - LOGD("no (%s), will generate\n", + LOGD("(%s) does not exist, will generate it\n", sender->log_vmrecordid); generate_log_vmrecord(sender->log_vmrecordid); continue; } else if (ret == -ENOMSG) { - LOGD("no vm record id for (%s)\n", vm->name); + LOGD("couldn't find any records with (%s)\n", vm->name); continue; } else if (ret < 0) { - LOGE("read key-value in (%s) for (%s), error (%s)\n", - sender->log_vmrecordid, vm->name, - strerror(errno)); + LOGE("failed to search records in (%s), error (%s)\n", + sender->log_vmrecordid, strerror(errno)); continue; } p = strchr(vmkey, ' '); @@ -463,8 +465,8 @@ static void get_last_line_synced(const struct sender_t *sender) strnlen(vmkey, sizeof(vmkey)), MM_ONLY); if (ret < 0) { - LOGE("get a non-key vm event (%s) for (%s)\n", - vmkey, vm->name); + LOGE("invalid vm event (%s) in (%s)\n", + vmkey, sender->log_vmrecordid); continue; } } @@ -488,8 +490,11 @@ static char *setup_loop_dev(void) devnr = loopdev_num_get_free(); for (i = 0; i < devnr; i++) { - snprintf(loop_dev_tmp, ARRAY_SIZE(loop_dev_tmp), - "/dev/loop%d", i); + res = snprintf(loop_dev_tmp, ARRAY_SIZE(loop_dev_tmp), + "/dev/loop%d", i); + if (s_not_expect(res, ARRAY_SIZE(loop_dev_tmp))) + return NULL; + if (loopdev_check_parname(loop_dev_tmp, ANDROID_DATA_PAR_NAME)) { loop_dev = strdup(loop_dev_tmp); diff --git a/tools/acrn-crashlog/acrnprobe/channels.c b/tools/acrn-crashlog/acrnprobe/channels.c index ad795c575..8b6d48858 100644 --- a/tools/acrn-crashlog/acrnprobe/channels.c +++ b/tools/acrn-crashlog/acrnprobe/channels.c @@ -230,7 +230,7 @@ static int create_polling_job(struct polling_job_t *pjob) static void channel_polling(struct channel_t *cnl) { int id; - int ret; + int jt; struct vm_t *vm; char *cname = cnl->name; @@ -244,15 +244,27 @@ static void channel_polling(struct channel_t *cnl) if (strcmp(vm->channel, "polling")) continue; - vm_job.timer_val = atoi(vm->interval); + if (cfg_atoi(vm->interval, vm->interval_len, + &jt) == -1) { + LOGE("invalid interval (%s) in config file, exiting\n", + vm->interval); + exit(EXIT_FAILURE); + } + + if (jt <= 0) { + LOGE("interval (%s) must be greater than 0, exiting\n", + vm->interval); + exit(EXIT_FAILURE); + } else + vm_job.timer_val = (uint32_t)jt; + } LOGD("start polling job with %ds\n", vm_job.timer_val); vm_job.fn = polling_vm; vm_job.type = VM; - ret = create_polling_job(&vm_job); - if (ret < 0) { - LOGE("create polling job failed\n, error (%s)\n", + if (create_polling_job(&vm_job) == -1) { + LOGE("failed to create polling job\n, error (%s)\n", strerror(errno)); exit(EXIT_FAILURE); } diff --git a/tools/acrn-crashlog/acrnprobe/history.c b/tools/acrn-crashlog/acrnprobe/history.c index e40ee9418..56e739892 100644 --- a/tools/acrn-crashlog/acrnprobe/history.c +++ b/tools/acrn-crashlog/acrnprobe/history.c @@ -51,40 +51,43 @@ struct history_entry { char *history_file; static int current_lines; -static void entry_to_history_line(struct history_entry *entry, - char newline[MAXLINESIZE]) +static int entry_to_history_line(struct history_entry *entry, + char *newline, size_t size) { - newline[0] = 0; - if (entry->log != NULL) { - char *ptr; - char tmp[PATH_MAX]; + const char *general_event_with_msg = "%-8s%-22s%-20s%-16s %s\n"; + const char *general_event_without_msg = "%-8s%-22s%-20s%-16s\n"; + const char *simple_event = "%-8s%-22s%-20s%s\n"; + int len; - strncpy(tmp, entry->log, PATH_MAX); - tmp[PATH_MAX - 1] = 0; - ptr = strrchr(tmp, '/'); - if (ptr && ptr[1] == 0) - ptr[0] = 0; - snprintf(newline, MAXLINESIZE, "%-8s%-22s%-20s%s %s\n", - entry->event, entry->key, entry->eventtime, - entry->type, tmp); - } else if (entry->type != NULL && entry->type[0]) { - if (entry->lastuptime != NULL) { - snprintf(newline, MAXLINESIZE, - "%-8s%-22s%-20s%-16s %s\n", - entry->event, entry->key, - entry->eventtime, entry->type, - entry->lastuptime); + if (!entry || !entry->event || !entry->key || !entry->eventtime) + return -1; + + if (entry->type) { + const char *fmt; + const char *msg; + + if (entry->log || entry->lastuptime) { + fmt = general_event_with_msg; + msg = entry->log ? entry->log : entry->lastuptime; + len = snprintf(newline, size, fmt, + entry->event, entry->key, + entry->eventtime, entry->type, msg); } else { - snprintf(newline, MAXLINESIZE, - "%-8s%-22s%-20s%-16s\n", - entry->event, entry->key, entry->eventtime, - entry->type); + fmt = general_event_without_msg; + len = snprintf(newline, size, fmt, + entry->event, entry->key, + entry->eventtime, entry->type); } - } else { - snprintf(newline, MAXLINESIZE, "%-8s%-22s%-20s%s\n", - entry->event, entry->key, entry->eventtime, - entry->lastuptime); - } + } else if (entry->lastuptime) { + len = snprintf(newline, size, simple_event, + entry->event, entry->key, + entry->eventtime, entry->lastuptime); + } else + return -1; + + if (s_not_expect(len, size)) + return -1; + return 0; } static void backup_history(void) @@ -135,7 +138,10 @@ void hist_raise_event(const char *event, const char *type, const char *log, if (!crashlog) return; - maxlines = atoi(crashlog->maxlines); + if (cfg_atoi(crashlog->maxlines, crashlog->maxlines_len, + &maxlines) == -1) + return; + if (++current_lines >= maxlines) { LOGW("lines of (%s) meet quota %d, backup... Pls clean!\n", history_file, maxlines); @@ -146,7 +152,10 @@ void hist_raise_event(const char *event, const char *type, const char *log, return; entry.eventtime = eventtime; - entry_to_history_line(&entry, line); + if (entry_to_history_line(&entry, line, sizeof(line)) == -1) { + LOGE("failed to generate new line\n"); + return; + } if (append_file(history_file, line, strnlen(line, MAXLINESIZE)) <= 0) { LOGE("failed to append (%s) to (%s)\n", line, history_file); return; @@ -171,7 +180,9 @@ void hist_raise_uptime(char *lastuptime) return; uptime = crashlog->uptime; - uptime_hours = atoi(uptime->eventhours); + if (cfg_atoi(uptime->eventhours, uptime->eventhours_len, + &uptime_hours) == -1) + return; if (lastuptime) hist_raise_event(uptime->name, NULL, NULL, lastuptime, diff --git a/tools/acrn-crashlog/acrnprobe/include/load_conf.h b/tools/acrn-crashlog/acrnprobe/include/load_conf.h index d1b17d055..f9e00d3c8 100644 --- a/tools/acrn-crashlog/acrnprobe/include/load_conf.h +++ b/tools/acrn-crashlog/acrnprobe/include/load_conf.h @@ -240,5 +240,6 @@ struct sender_t *get_sender_by_name(const char *name); enum event_type_t get_conf_by_wd(int wd, void **private); struct crash_t *get_crash_by_wd(int wd); int crash_depth(struct crash_t *tcrash); +int cfg_atoi(const char *a, size_t alen, int *i); #endif diff --git a/tools/acrn-crashlog/acrnprobe/load_conf.c b/tools/acrn-crashlog/acrnprobe/load_conf.c index 9060c6d46..d26d756c2 100644 --- a/tools/acrn-crashlog/acrnprobe/load_conf.c +++ b/tools/acrn-crashlog/acrnprobe/load_conf.c @@ -152,7 +152,9 @@ static int get_prop_int(xmlNodePtr cur, const char *key, const int max) return -1; } - value = atoi((char *)prop); + if (cfg_atoi((const char *)prop, xmlStrlen(prop), &value) == -1) + return -1; + xmlFree(prop); if (value > max) { @@ -379,6 +381,25 @@ int crash_depth(struct crash_t *tcrash) return level; } +int cfg_atoi(const char *a, size_t alen, int *i) +{ + char *eptr; + int res; + + if (!a || !alen || !i) + return -1; + + res = (int)strtol(a, &eptr, 0); + if (a + alen != eptr) { + LOGE("Failed to convert (%s) to type int, check config file\n", + a); + return -1; + } + + *i = res; + return 0; +} + static int is_enable(xmlNodePtr cur) { xmlChar *prop; @@ -524,8 +545,10 @@ static int parse_crashes(xmlNodePtr crashes) return -1; res = get_prop_int(cur, "inherit", CRASH_MAX); - if (res < 0) + if (res < 0) { + free(crash); return -1; + } id = res - 1; if (id >= 0) { diff --git a/tools/acrn-crashlog/acrnprobe/main.c b/tools/acrn-crashlog/acrnprobe/main.c index 6302cdf00..e5aad5c79 100644 --- a/tools/acrn-crashlog/acrnprobe/main.c +++ b/tools/acrn-crashlog/acrnprobe/main.c @@ -45,15 +45,19 @@ static void uptime(const struct sender_t *sender) if (!uptime) return; - frequency = atoi(uptime->frequency); + if (cfg_atoi(uptime->frequency, uptime->frequency_len, + &frequency) == -1) { + LOGE("Invalid frequency (%s) in config file, exiting...\n", + uptime->frequency); + exit(-1); + } if (frequency > 0) sleep(frequency); fd = open(uptime->path, O_RDWR | O_CREAT, 0666); if (fd < 0) LOGE("open uptime_file with (%d, %s) failed, error (%s)\n", - atoi(uptime->frequency), uptime->path, - strerror(errno)); + frequency, uptime->path, strerror(errno)); else close(fd); } diff --git a/tools/acrn-crashlog/acrnprobe/probeutils.c b/tools/acrn-crashlog/acrnprobe/probeutils.c index d08205ef0..1458267b2 100644 --- a/tools/acrn-crashlog/acrnprobe/probeutils.c +++ b/tools/acrn-crashlog/acrnprobe/probeutils.c @@ -62,6 +62,7 @@ int get_uptime_string(char *newuptime, int *hours) { long long tm; int seconds, minutes; + int len; tm = get_uptime(); if (tm == -1) @@ -78,8 +79,11 @@ int get_uptime_string(char *newuptime, int *hours) /* hours */ *hours /= 60; - return snprintf(newuptime, UPTIME_SIZE, "%04d:%02d:%02d", *hours, - minutes, seconds); + len = snprintf(newuptime, UPTIME_SIZE, "%04d:%02d:%02d", *hours, + minutes, seconds); + if (s_not_expect(len, UPTIME_SIZE)) + return -1; + return 0; } int get_current_time_long(char *buf) @@ -208,7 +212,7 @@ static int reserve_log_folder(enum e_dir_mode mode, char *dir, int dlen; struct sender_t *crashlog; const char *outdir; - unsigned int maxdirs; + int maxdirs; crashlog = get_sender_by_name("crashlog"); if (!crashlog) @@ -246,9 +250,15 @@ static int reserve_log_folder(enum e_dir_mode mode, char *dir, if (res < 0) return res; - maxdirs = atoi(crashlog->maxcrashdirs); + if (cfg_atoi(crashlog->maxcrashdirs, crashlog->maxcrashdirs_len, + &maxdirs) == -1) + return -1; + if (maxdirs <= 0) { + LOGE("failed to reserve dir, maxdirs must be greater than 0\n"); + return -1; + } /* Open file in read/write mode to update the new current */ - res = file_update_int(path, *current, maxdirs); + res = file_update_int(path, *current, (unsigned int)maxdirs); if (res < 0) return res; @@ -408,8 +418,11 @@ int is_boot_id_changed(void) if (res == -1 || !size) return result; - snprintf(logged_boot_id_path, sizeof(logged_boot_id_path), "%s/%s", - crashlog->outdir, BOOTID_LOG); + res = snprintf(logged_boot_id_path, sizeof(logged_boot_id_path), + "%s/%s", crashlog->outdir, BOOTID_LOG); + if (s_not_expect(res, sizeof(logged_boot_id_path))) + goto out; + if (file_exists(logged_boot_id_path)) { res = read_file(logged_boot_id_path, &size, &logged_boot_id); if (res == -1 || !size) diff --git a/tools/acrn-crashlog/acrnprobe/sender.c b/tools/acrn-crashlog/acrnprobe/sender.c index 1818c2990..7f2a63f6a 100644 --- a/tools/acrn-crashlog/acrnprobe/sender.c +++ b/tools/acrn-crashlog/acrnprobe/sender.c @@ -62,8 +62,8 @@ static int cal_log_filepath(char **out, const struct log_t *log, need_timestamp = 1; if (need_timestamp) { - timebuf[0] = 0; - get_uptime_string(timebuf, &hours); + if (get_uptime_string(timebuf, &hours) == -1) + return -1; return asprintf(out, "%s/%s_%s", desdir, filename, timebuf); } @@ -115,16 +115,8 @@ unmap: } static void get_log_file(const char *despath, const char *srcpath, - const char *tail_lines) + int lines) { - int lines; - - if (!tail_lines) { - get_log_file_complete(despath, srcpath); - return; - } - - lines = atoi(tail_lines); if (lines > 0) get_log_file_tail(despath, srcpath, lines); else @@ -155,9 +147,16 @@ static void get_log_by_type(const char *despath, const struct log_t *log, if (!despath || !log || !srcpath) return; - if (!strcmp("file", log->type)) - get_log_file(despath, srcpath, log->lines); - else if (!strcmp("node", log->type)) + if (!strcmp("file", log->type)) { + int lines; + + if (!log->lines) + lines = 0; + else + if (cfg_atoi(log->lines, log->lines_len, &lines) == -1) + return; + get_log_file(despath, srcpath, lines); + } else if (!strcmp("node", log->type)) get_log_node(despath, log->path); else if (!strcmp("cmd", log->type)) get_log_cmd(despath, log->path); @@ -213,7 +212,7 @@ static void telemd_get_log(struct log_t *log, void *data) char fpath[PATH_MAX]; char *msg; int count; - int res; + int len; int i; struct dirent **filelist; struct ac_filter_data acfd = {log->name, log->name_len}; @@ -225,21 +224,24 @@ static void telemd_get_log(struct log_t *log, void *data) count = ac_scandir(d->srcdir, &filelist, filter_filename_substr, &acfd, NULL); if (count < 0) { - LOGE("search (%s) in dir (%s) failed\n", log->name, d->srcdir); + LOGE("error occurs when scanning (%s)\n", d->srcdir); return; } if (!count) { - LOGE("dir (%s) does not contains (%s)\n", d->srcdir, - log->name); + LOGE("couldn't find any files with substr (%s) under (%s)\n", + log->name, d->srcdir); goto send_nologs; } for (i = 0; i < count; i++) { - snprintf(fpath, sizeof(fpath), "%s/%s", d->srcdir, - filelist[i]->d_name); + len = snprintf(fpath, sizeof(fpath), "%s/%s", d->srcdir, + filelist[i]->d_name); free(filelist[i]); - telemd_send_data(fpath, d->eventid, - d->severity, d->class); + if (s_not_expect(len, sizeof(fpath))) + LOGW("failed to generate path, event %s\n", d->eventid); + else + telemd_send_data(fpath, d->eventid, + d->severity, d->class); } free(filelist); @@ -247,10 +249,9 @@ static void telemd_get_log(struct log_t *log, void *data) return; send_nologs: - res = asprintf(&msg, "no log generated on %s, check probe's log.", - log->name); - if (res < 0) { - LOGE("compute string failed, out of memory\n"); + if (asprintf(&msg, "couldn't find logs with (%s), check probe's log.", + log->name) == -1) { + LOGE("failed to generate msg, out of memory\n"); return; } @@ -274,7 +275,10 @@ static void crashlog_get_log(struct log_t *log, void *data) if (!crashlog) return; - quota = atoi(crashlog->spacequota); + if (cfg_atoi(crashlog->spacequota, crashlog->spacequota_len, + "a) == -1) + return; + if (!space_available(crashlog->outdir, quota)) { hist_raise_infoerror("SPACE_FULL", 10); return; @@ -481,7 +485,10 @@ static void telemd_send_uptime(void) return; } uptime = telemd->uptime; - uptime_hours = atoi(uptime->eventhours); + if (cfg_atoi(uptime->eventhours, uptime->eventhours_len, + &uptime_hours) == -1) + return; + if (hours / uptime_hours >= loop_uptime_event) { char *content; @@ -605,8 +612,8 @@ static int telemd_new_vmevent(const char *line_to_sync, logf = log + sizeof(ANDROID_LOGS_DIR) - 1; logflen = &rest[0] + strnlen(rest, PATH_MAX) - logf; - res = find_file(crashlog->outdir, logf, logflen, 1, - &vmlogpath, 1); + res = find_file(crashlog->outdir, crashlog->outdir_len, logf, + logflen, 1, &vmlogpath, 1); if (res == -1) { LOGE("failed to find (%s) in (%s)\n", logf, crashlog->outdir); @@ -729,6 +736,7 @@ static void crashlog_send_crash(struct event_t *e) char *data0; char *data1; char *data2; + int quota; size_t d0len; size_t d1len; size_t d2len; @@ -767,7 +775,11 @@ static void crashlog_send_crash(struct event_t *e) } /* check space before collecting logs */ - if (!space_available(crashlog->outdir, atoi(crashlog->spacequota))) { + if (cfg_atoi(crashlog->spacequota, crashlog->spacequota_len, + "a) == -1) + goto free_key; + + if (!space_available(crashlog->outdir, quota)) { hist_raise_infoerror("SPACE_FULL", 10); hist_raise_event("CRASH", crash->name, NULL, "", key); goto free_key; @@ -948,7 +960,10 @@ static int crashlog_new_vmevent(const char *line_to_sync, if (!crashlog) return ret; - quota = atoi(crashlog->spacequota); + if (cfg_atoi(crashlog->spacequota, crashlog->spacequota_len, + "a) == -1) + return ret; + if (!space_available(crashlog->outdir, quota)) { hist_raise_infoerror("SPACE_FULL", 10); return ret; @@ -1085,9 +1100,8 @@ int init_sender(void) if (uptime) { fd = open(uptime->path, O_RDWR | O_CREAT, 0666); if (fd < 0) { - LOGE("open failed with (%s, %d), error (%s)\n", - uptime->path, atoi(uptime->frequency), - strerror(errno)); + LOGE("failed to open (%s), error (%s)\n", + uptime->path, strerror(errno)); return -errno; } close(fd); diff --git a/tools/acrn-crashlog/common/fsutils.c b/tools/acrn-crashlog/common/fsutils.c index 629d3a876..27b782a57 100644 --- a/tools/acrn-crashlog/common/fsutils.c +++ b/tools/acrn-crashlog/common/fsutils.c @@ -910,6 +910,7 @@ free_list: * Find target file in specified dir. * * @param dir Where to start search. + * @param dlen Length of dir. * @param target_file Target file to search. * @param tflen The length of target_file. * @param depth Descend at most depth of directories below the starting dir. @@ -918,8 +919,8 @@ free_list: * * @return the count of searched files on success, or -1 on error. */ -int find_file(const char *dir, const char *target_file, size_t tflen, - int depth, char *path[], int limit) +int find_file(const char *dir, size_t dlen, const char *target_file, + size_t tflen, int depth, char *path[], int limit) { int wdepth = 0; int found = 0; @@ -928,8 +929,9 @@ int find_file(const char *dir, const char *target_file, size_t tflen, if (!dir || !target_file || !tflen || !path || limit <= 0) return -1; - if (!memccpy(wdir, dir, 0, PATH_MAX)) + if (dlen >= PATH_MAX) return -1; + *(char *)mempcpy(wdir, dir, dlen) = '\0'; dp = calloc(depth + 1, sizeof(DIR *)); if (!dp) { LOGE("out of memory\n"); @@ -1095,7 +1097,7 @@ int config_fmt_to_files(const char *file_fmt, char ***out) char *file_prefix; int i; int count; - int res; + int res = 0; int ret = 0; struct dirent **filelist; char **out_array; @@ -1114,7 +1116,7 @@ int config_fmt_to_files(const char *file_fmt, char ***out) /* It's an regular file as default */ out_array = malloc(sizeof(char *)); if (!out_array) { - ret = -errno; + ret = -1; goto free_dir; } @@ -1126,7 +1128,7 @@ int config_fmt_to_files(const char *file_fmt, char ***out) /* get dir and file prefix from format */ p = strrchr(dir, '/'); if (!p) { - LOGE("only support abs path, dir (%s)\n", dir); + LOGE("only support abs path, dir (%s)\n", file_fmt); ret = -1; goto free_dir; } @@ -1135,7 +1137,7 @@ int config_fmt_to_files(const char *file_fmt, char ***out) p = strrchr(file_prefix, '['); if (!p) { ret = -1; - LOGE("unsupported formats (%s)\n", dir); + LOGE("unsupported formats (%s)\n", file_fmt); goto free_dir; } @@ -1151,15 +1153,16 @@ int config_fmt_to_files(const char *file_fmt, char ***out) subfix = strrchr(file_fmt, '['); if (!subfix) { ret = -1; - LOGE("unsupported formats (%s)\n", dir); + LOGE("unsupported formats (%s)\n", file_fmt); goto free_dir; } - res = sscanf(subfix, "[%2[01-*]]", type); - if (res != 1) { + p = memccpy(type, subfix + 1, ']', 3); + if (!p) { ret = -1; - LOGE("unsupported formats (%s)\n", dir); + LOGE("unsupported formats (%s)\n", file_fmt); goto free_dir; - } + } else + *(p - 1) = '\0'; /* get all files which start with prefix */ count = ac_scandir(dir, &filelist, filter_filename_startswith, diff --git a/tools/acrn-crashlog/common/include/fsutils.h b/tools/acrn-crashlog/common/include/fsutils.h index ef0148531..65e7b056a 100644 --- a/tools/acrn-crashlog/common/include/fsutils.h +++ b/tools/acrn-crashlog/common/include/fsutils.h @@ -112,8 +112,8 @@ int filter_filename_startswith(const struct dirent *entry, const void *arg); int dir_contains(const char *dir, const char *filename, size_t flen, int exact); int lsdir(const char *dir, char *fullname[], int limit); -int find_file(const char *dir, const char *target_file, size_t tflen, - int depth, char *path[], int limit); +int find_file(const char *dir, size_t dlen, const char *target_file, + size_t tflen, int depth, char *path[], int limit); int read_file(const char *path, unsigned long *size, void **data); int is_ac_filefmt(const char *file_fmt); int config_fmt_to_files(const char *file_fmt, char ***out); diff --git a/tools/acrn-crashlog/usercrash/crash_dump.c b/tools/acrn-crashlog/usercrash/crash_dump.c index 273d6ed45..14ea1427c 100644 --- a/tools/acrn-crashlog/usercrash/crash_dump.c +++ b/tools/acrn-crashlog/usercrash/crash_dump.c @@ -119,18 +119,24 @@ static int get_backtrace(int pid, int fd, int sig, const char *comm) char *membkt; char format[FORMAT_LENGTH]; size_t len, ret; + int flen; loginfo(fd, "\nBackTrace:\n\n"); memset(format, 0, sizeof(format)); if (sig == DEBUGGER_SIGNAL) { - snprintf(format, sizeof(format), "-p %d", pid); + flen = snprintf(format, sizeof(format), "-p %d", pid); } else { - snprintf(format, sizeof(format), "%s %s", comm, DUMP_FILE); + flen = snprintf(format, sizeof(format), "%s %s", comm, + DUMP_FILE); if (save_coredump(DUMP_FILE) == -1) { LOGE("save core file failed\n"); return -1; } } + if (s_not_expect(flen, sizeof(format))) { + LOGE("failed to generate format\n"); + return -1; + } len = exec_out2mem(&membkt, GET_GDB_INFO, format); if (len <= 0) { LOGE("get gdb info failed\n"); @@ -163,7 +169,11 @@ static int save_proc_info(int pid, int fd, const char *path, const char *name) loginfo(fd, "\n%s:\n\n", name); memset(format, 0, sizeof(format)); - snprintf(format, sizeof(format), path, pid); + ret = snprintf(format, sizeof(format), path, pid); + if (s_not_expect(ret, sizeof(format))) { + LOGE("failed to generate format"); + return -1; + } ret = read_file(format, &size, (void *)&data); if (ret) { LOGE("read file failed\n"); @@ -191,7 +201,11 @@ static int get_openfiles(int pid, int fd, const char *path, const char *name) loginfo(fd, "\n%s:\n\n", name); memset(format, 0, sizeof(format)); - snprintf(format, sizeof(format), path, pid); + ret = snprintf(format, sizeof(format), path, pid); + if (s_not_expect(ret, sizeof(format))) { + LOGE("failed to generate format"); + return -1; + } fdcount = lsdir(format, files, ARRAY_SIZE(files)); if (fdcount < 0) { LOGE("get fd list failed\n"); @@ -263,7 +277,11 @@ static int get_key_value(int pid, const char *path, const char *key, char format[128]; memset(format, 0, sizeof(format)); - snprintf(format, sizeof(format), path, pid); + ret = snprintf(format, sizeof(format), path, pid); + if (s_not_expect(ret, sizeof(format))) { + LOGE("failed to generate format"); + return -1; + } ret = read_file(format, &size, (void *)&data); if (ret || !data) { LOGE("read file failed\n"); @@ -306,7 +324,11 @@ void crash_dump(int pid, int sig, int out_fd) char format[128]; memset(format, 0, sizeof(format)); - snprintf(format, sizeof(format), GET_COMM, pid); + ret = snprintf(format, sizeof(format), GET_COMM, pid); + if (s_not_expect(ret, sizeof(format))) { + LOGE("failed to generate format\n"); + return; + } ret = readlink(format, comm, LINK_LEN); if (ret < 0 || ret >= LINK_LEN) { LOGE("get process exe link failed\n"); diff --git a/tools/acrn-crashlog/usercrash/protocol.c b/tools/acrn-crashlog/usercrash/protocol.c index 7a54a4ab5..32fc2e2a5 100644 --- a/tools/acrn-crashlog/usercrash/protocol.c +++ b/tools/acrn-crashlog/usercrash/protocol.c @@ -110,7 +110,7 @@ static int socket_bind(int fd, const char *name) name_len = strnlen(name, SOCKET_PATH_MAX); if (name_len >= SUN_PATH_MAX) return -1; - strncpy(addr.sun_path, name, name_len + 1); + *(char *)mempcpy(addr.sun_path, name, name_len) = '\0'; unlink(addr.sun_path); alen = strnlen(addr.sun_path, SUN_PATH_MAX) + sizeof(addr.sun_family); diff --git a/tools/acrn-crashlog/usercrash/server.c b/tools/acrn-crashlog/usercrash/server.c index 16ea7f482..31743abff 100644 --- a/tools/acrn-crashlog/usercrash/server.c +++ b/tools/acrn-crashlog/usercrash/server.c @@ -132,6 +132,7 @@ static struct crash_node *pop_front(void) static void find_oldest_usercrash(void) { int i; + int len; int oldest_usercrash = 0; time_t oldest_time = LONG_MAX; char path[FILE_PATH_LEN_MAX]; @@ -139,8 +140,12 @@ static void find_oldest_usercrash(void) memset(path, 0, FILE_PATH_LEN_MAX); for (i = 0; i < usercrash_count; ++i) { - snprintf(path, sizeof(path), "%s/usercrash_%02d", + len = snprintf(path, sizeof(path), "%s/usercrash_%02d", usercrash_directory, i); + if (s_not_expect(len, sizeof(path))) { + LOGE("failed to generate path\n"); + continue; + } if (stat(path, &st) != 0) { if (errno == ENOENT) { oldest_usercrash = i; @@ -168,11 +173,16 @@ static int get_usercrash(struct crash_node *crash) * interleaving their output */ int result; + int len; char file_name[FILE_PATH_LEN_MAX]; memset(file_name, 0, FILE_PATH_LEN_MAX); - snprintf(file_name, sizeof(file_name), "%s/usercrash_%02d", + len = snprintf(file_name, sizeof(file_name), "%s/usercrash_%02d", usercrash_directory, next_usercrash); + if (s_not_expect(len, sizeof(file_name))) { + LOGE("failed to generate file name\n"); + return -1; + } if (unlink(file_name) != 0 && errno != ENOENT) { LOGE("failed to unlink usercrash at %s\n", file_name);