This is an automated email from Gerrit. "Evgeniy Naydanov <evgeniy.nayda...@syntacore.com>" just uploaded a new patch set to Gerrit, which you can find at https://review.openocd.org/c/openocd/+/8761
-- gerrit commit 64c2d57eb3d418a89143b46ccc6c2a03c7e4996b Author: Evgeniy Naydanov <evgeniy.nayda...@syntacore.com> Date: Fri Feb 14 19:31:38 2025 +0300 rtos/linux: fix name overwrite in `linux_thread_extra_info()` commit 908ee4dc9641bd3df2eb00264575501867da539d (build: remove clang unused variable assignment warnings) introduced an error: ``` - tmp_str_ptr += sprintf(tmp_str_ptr, "%s", name); + sprintf(tmp_str_ptr, "%s", name); sprintf(tmp_str_ptr, "%s", temp->name); ``` This results in `name` being overwritten by `temp->name`. Fix this, adding OOM handling along the way. Change-Id: Id41f73247c3f7e6194d7c92187ad3163a9ea6c89 Signed-off-by: Evgeniy Naydanov <evgeniy.nayda...@syntacore.com>
diff --git a/src/rtos/linux.c b/src/rtos/linux.c
index 5467988f3e..db4dd2a7b6 100644
--- a/src/rtos/linux.c
+++ b/src/rtos/linux.c
@@ -1116,23 +1116,27 @@ static int linux_thread_extra_info(struct target *target,
 while (temp) {
 if (temp->threadid == threadid) {
- char *pid = " PID: ";
- char *pid_current = "*PID: ";
- char *name = "Name: ";
- int str_size = strlen(pid) + strlen(name);
- char *tmp_str = calloc(1, str_size + 50);
- char *tmp_str_ptr = tmp_str;
-
- /* discriminate current task */
- if (temp->status == 3)
- tmp_str_ptr += sprintf(tmp_str_ptr, "%s",
- pid_current);
- else
- tmp_str_ptr += sprintf(tmp_str_ptr, "%s", pid);
-
- tmp_str_ptr += sprintf(tmp_str_ptr, "%d, ", (int)temp->pid);
- sprintf(tmp_str_ptr, "%s", name);
- sprintf(tmp_str_ptr, "%s", temp->name);
+ const char *pid = temp->status == 3
+ ? "*PID: " /* discriminate current task */
+ : " PID: ";
+ const char *name = "Name: ";
+ int str_size = strlen(pid) + strlen(name) + 50;
+ char *tmp_str = calloc(1, str_size);
+ if (!tmp_str) {
+ LOG_ERROR("Out of memory");
+ return ERROR_FAIL;
+ }
+ int res = snprintf(tmp_str, str_size, "%s%d, %s%s", pid,
+ (int)temp->pid, name, temp->name);
+ const char *error_msg = "";
+ if (res < 0)
+ LOG_TARGET_ERROR("Failed to format the info: encoding error");
+ return ERROR_FAIL;
+ }
+ if (res >= str_size) {
+ LOG_TARGET_ERROR("Failed to format the info: buffer is too small");
+ return ERROR_FAIL;
+ }
 char *hex_str = calloc(1, strlen(tmp_str) * 2 + 1);
 size_t pkt_len = hexify(hex_str, (const uint8_t *)tmp_str, strlen(tmp_str), strlen(tmp_str) * 2 + 1);
--
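Review bot: The added `if (res < 0)` has no opening brace as shown, so only the `LOG_TARGET_ERROR` call is conditional and the following `return ERROR_FAIL;` runs on every call. The stray `}` then closes the enclosing `if (temp->threadid == threadid)` block early, which leaves the later use of `res` and `str_size` out of scope. Both new error returns also leave `tmp_str` allocated, `LOG_TARGET_ERROR` is called without the `target` argument the macro takes, and `error_msg` is never used. The snprintf() bound itself is the right replacement for the unbounded sprintf() of `temp->name`; the error handling below keeps it, adds the brace, frees the buffer and passes `target`. The enclosing function starts and ends outside the hunk.

```c
/* … unchanged: buffer allocation, OOM check and snprintf() call … */
if (res < 0) {
	LOG_TARGET_ERROR(target, "Failed to format the info: encoding error");
	free(tmp_str);
	return ERROR_FAIL;
}
if (res >= str_size) {
	LOG_TARGET_ERROR(target, "Failed to format the info: buffer is too small");
	free(tmp_str);
	return ERROR_FAIL;
}
```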