[DTrace-devel] [PATCH v3 2/7] cmd, libdtrace: fix potentially unsafe printf-like calls

Wed Dec 7 05:10:47 UTC 2022

Reviewed-by: Eugene Loh <eugene.loh at oracle.com>

On 12/6/22 22:14, Kris Van Hees via DTrace-devel wrote:
> GCC 12 flagged some calls to printf-style functions for using a dynamic
> string as format without arguments.  If the dymanic string somehow can
> be made to contain a substitution sequence (%<something>) this would be
> unsafe.
>
> Due to some special case handing for error strings ending in a newline
> character, the default error, liberr, and drop strings are adjusted as
> well.
>
> Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
>   cmd/dtrace.c          |  4 ++--
>   libdtrace/dt_handle.c | 13 +++++++------
>   libdtrace/dt_printf.c |  2 +-
>   3 files changed, 10 insertions(+), 9 deletions(-)
>
> diff --git a/cmd/dtrace.c b/cmd/dtrace.c
> index 732150df..89edbc3f 100644
> --- a/cmd/dtrace.c
> +++ b/cmd/dtrace.c
> @@ -521,7 +521,7 @@ prochandler(pid_t pid, const char *msg, void *arg)
>   static int
>   errhandler(const dtrace_errdata_t *data, void *arg)
>   {
> -	error(data->dteda_msg);
> +	error("%s\n", data->dteda_msg);
>   	return DTRACE_HANDLE_OK;
>   }
>   
> @@ -529,7 +529,7 @@ errhandler(const dtrace_errdata_t *data, void *arg)
>   static int
>   drophandler(const dtrace_dropdata_t *data, void *arg)
>   {
> -	error(data->dtdda_msg);
> +	error("%s\n", data->dtdda_msg);
>   	return DTRACE_HANDLE_OK;
>   }
>   
> diff --git a/libdtrace/dt_handle.c b/libdtrace/dt_handle.c
> index 3c8f0287..6418aa64 100644
> --- a/libdtrace/dt_handle.c
> +++ b/libdtrace/dt_handle.c
> @@ -193,7 +193,7 @@ no_addr:
>   	}
>   
>   	snprintf(str, len, "error on enabled probe ID %u (ID %u: %s:%s:%s:%s): "
> -			   "%s%s in %s%s\n",
> +			   "%s%s in %s%s",
>   		 epid, errpd->id, errpd->prv, errpd->mod, errpd->fun,
>   		 errpd->prb, dtrace_faultstr(dtp, err.dteda_fault), details,
>   		 where, offinfo);
> @@ -233,7 +233,7 @@ dt_handle_liberr(dtrace_hdl_t *dtp, const dtrace_probedata_t *data,
>   	str = alloca(len);
>   
>   	snprintf(str, len,
> -		 "error on enabled probe ID %u (ID %u: %s:%s:%s:%s): %s\n",
> +		 "error on enabled probe ID %u (ID %u: %s:%s:%s:%s): %s",
>   		 data->dtpda_epid, errpd->id, errpd->prv, errpd->mod,
>   		 errpd->fun, errpd->prb, faultstr);
>   
> @@ -306,9 +306,10 @@ dt_handle_cpudrop(dtrace_hdl_t *dtp, processorid_t cpu,
>   		size = sizeof(str);
>   	}
>   
> -	snprintf(s, size, "%llu %sdrop%s on CPU %d\n",
> -	    (unsigned long long)howmany, what == DTRACEDROP_PRINCIPAL ? "" : "aggregation ",
> -	    howmany > 1 ? "s" : "", cpu);
> +	snprintf(s, size, "%llu %sdrop%s on CPU %d",
> +		 (unsigned long long)howmany,
> +		 what == DTRACEDROP_PRINCIPAL ? "" : "aggregation ",
> +		 howmany > 1 ? "s" : "", cpu);
>   
>   	if (dtp->dt_drophdlr == NULL)
>   		return dt_set_errno(dtp, EDT_DROPABORT);
> @@ -399,7 +400,7 @@ dt_handle_status(dtrace_hdl_t *dtp, dtrace_status_t *old, dtrace_status_t *new)
>   			size = sizeof(str);
>   		}
>   
> -		snprintf(s, size, "%llu %s%s%s\n",
> +		snprintf(s, size, "%llu %s%s%s",
>   		    (unsigned long long)nval - oval,
>   		    _dt_droptab[i].dtdrt_str, (nval - oval > 1) ? "s" : "",
>   		    _dt_droptab[i].dtdrt_msg != NULL ?
> diff --git a/libdtrace/dt_printf.c b/libdtrace/dt_printf.c
> index d060670a..6ee317e6 100644
> --- a/libdtrace/dt_printf.c
> +++ b/libdtrace/dt_printf.c
> @@ -1305,7 +1305,7 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE *fp, const dt_pfargv_t *pfv,
>   			memcpy(tmp, pfd->pfd_prefix, pfd->pfd_preflen);
>   			tmp[pfd->pfd_preflen] = '\0';
>   
> -			if ((rval = dt_printf(dtp, fp, tmp)) < 0)
> +			if ((rval = dt_printf(dtp, fp, "%s", tmp)) < 0)
>   				return rval;
>   
>   			if (pfv->pfv_flags & DT_PRINTF_AGGREGATION) {