Avoid reading outside memory buffer for large debug log messages

When the debug mode is enabled, the vlog function formats a log message
in a stack-allocated buffer using vsnprintf and assumes that the
returned value represents the number of written bytes. This is an
incorrect assumption if the message is larger than the buffer
size (minus one) since the return value tells how many bytes *would*
have been written.

diff --git a/doc/NEWS.adoc b/doc/NEWS.adoc
index ff6a9a38404e446117c60ec03f8792008504c958..f724a99e3750d1dede07a6e55396b127969d265c 100644 (file)
--- a/doc/NEWS.adoc
+++ b/doc/NEWS.adoc
@@ -11,6 +11,8 @@ Changes
 * Fixed crash when the debug mode is enabled and the output file is in a
   non-writable directory, e.g. when the output file is `/dev/null`.
 
+* Fixed an issue when printing very large log messages to the debug log.
+
 
 ccache 3.6
 ----------

diff --git a/src/util.c b/src/util.c
index a49fb4ce3601d009f3bc17fab0ff10de92fbf803..87909df1190c80927c8ab1a80bfd52831e4c5ea8 100644 (file)
--- a/src/util.c
+++ b/src/util.c
@@ -1,5 +1,5 @@
 // Copyright (C) 2002 Andrew Tridgell
-// Copyright (C) 2009-2018 Joel Rosdahl
+// Copyright (C) 2009-2019 Joel Rosdahl
 //
 // This program is free software; you can redistribute it and/or modify it
 // under the terms of the GNU General Public License as published by the Free
@@ -158,9 +158,11 @@ vlog(const char *format, va_list ap, bool log_updated_time)
        }
        if (logbuffer) {
                char buf[1024];
-               size_t len = vsnprintf(buf, sizeof(buf), format, aq);
-               append_log(buf, len);
-               append_log("\n", 1);
+               int len = vsnprintf(buf, sizeof(buf), format, aq);
+               if (len >= 0) {
+                       append_log(buf, MIN((size_t)len, sizeof(buf) - 1));
+                       append_log("\n", 1);
+               }
        }
        va_end(aq);
 }