This is an automated email from Gerrit.

"Evgeniy Naydanov <evgeniy.nayda...@syntacore.com>" just uploaded a new patch 
set to Gerrit, which you can find at https://review.openocd.org/c/openocd/+/8761

-- gerrit

commit 64c2d57eb3d418a89143b46ccc6c2a03c7e4996b
Author: Evgeniy Naydanov <evgeniy.nayda...@syntacore.com>
Date:   Fri Feb 14 19:31:38 2025 +0300

    rtos/linux: fix name overwrite in `linux_thread_extra_info()`
    
    commit 908ee4dc9641bd3df2eb00264575501867da539d (build: remove clang
    unused variable assignment warnings) introduced an error:
    ```
    -            tmp_str_ptr += sprintf(tmp_str_ptr, "%s", name);
    +            sprintf(tmp_str_ptr, "%s", name);
                 sprintf(tmp_str_ptr, "%s", temp->name);
    ```
    This results in `name` being overwritten by `temp->name`.
    Fix this, adding OOM handling along the way.
    
    Change-Id: Id41f73247c3f7e6194d7c92187ad3163a9ea6c89
    Signed-off-by: Evgeniy Naydanov <evgeniy.nayda...@syntacore.com>

diff --git a/src/rtos/linux.c b/src/rtos/linux.c
index 5467988f3e..db4dd2a7b6 100644
--- a/src/rtos/linux.c
+++ b/src/rtos/linux.c
@@ -1116,23 +1116,27 @@ static int linux_thread_extra_info(struct target 
*target,
 
        while (temp) {
                if (temp->threadid == threadid) {
-                       char *pid = " PID: ";
-                       char *pid_current = "*PID: ";
-                       char *name = "Name: ";
-                       int str_size = strlen(pid) + strlen(name);
-                       char *tmp_str = calloc(1, str_size + 50);
-                       char *tmp_str_ptr = tmp_str;
-
-                       /*  discriminate current task */
-                       if (temp->status == 3)
-                               tmp_str_ptr += sprintf(tmp_str_ptr, "%s",
-                                               pid_current);
-                       else
-                               tmp_str_ptr += sprintf(tmp_str_ptr, "%s", pid);
-
-                       tmp_str_ptr += sprintf(tmp_str_ptr, "%d, ", 
(int)temp->pid);
-                       sprintf(tmp_str_ptr, "%s", name);
-                       sprintf(tmp_str_ptr, "%s", temp->name);
+                       const char *pid = temp->status == 3
+                               ? "*PID: " /*  discriminate current task */
+                               : " PID: ";
+                       const char *name = "Name: ";
+                       int str_size = strlen(pid) + strlen(name) + 50;
+                       char *tmp_str = calloc(1, str_size);
+                       if (!tmp_str) {
+                               LOG_ERROR("Out of memory");
+                               return ERROR_FAIL;
+                       }
+                       int res = snprintf(tmp_str, str_size, "%s%d, %s%s", pid,
+                                       (int)temp->pid, name, temp->name);
+                       const char *error_msg = "";
+                       if (res < 0)
+                               LOG_TARGET_ERROR("Failed to format the info: 
encoding error");
+                               return ERROR_FAIL;
+                       }
+                       if (res >= str_size) {
+                               LOG_TARGET_ERROR("Failed to format the info: 
buffer is too small");
+                               return ERROR_FAIL;
+                       }
                        char *hex_str = calloc(1, strlen(tmp_str) * 2 + 1);
                        size_t pkt_len = hexify(hex_str, (const uint8_t 
*)tmp_str,
                                strlen(tmp_str), strlen(tmp_str) * 2 + 1);

-- 

Reply via email to