From c393548b176dc2e04a632937e95ffaac60e7b013 Mon Sep 17 00:00:00 2001
From: Mark Young
Date: Tue, 25 Apr 2017 08:08:29 -0600
Subject: loader : gh1675 - Further strncat changes
This doesn't completely satisfy GH 1675, but at least resolves a few of the holes discovered by @randomascii.
Change-Id: Idb2273851e36d4470d2f14cb09d6ac1c314497a8
---
 loader/loader.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
(limited to 'loader')
diff --git a/loader/loader.c b/loader/loader.c
index 45af17e4..5b61f573 100644
--- a/loader/loader.c
+++ b/loader/loader.c
@@ -290,7 +290,7 @@ static inline void loader_free_getenv(char *val, const struct loader_instance *i
 void loader_log(const struct loader_instance *inst, VkFlags msg_type, int32_t msg_code, const char *format, ...) {
 char msg[512];
 char cmd_line_msg[512];
- uint16_t cmd_line_size = sizeof(cmd_line_msg);
+ size_t cmd_line_size = sizeof(cmd_line_msg);
 va_list ap;
 int ret;
@@ -311,6 +311,8 @@ void loader_log(const struct loader_instance *inst, VkFlags msg_type, int32_t ms
 }
 cmd_line_msg[0] = '\0';
+ cmd_line_size -= 1;
+ size_t original_size = cmd_line_size;
 va_start(ap, format);
 if ((msg_type & LOADER_INFO_BIT) != 0) {
@@ -318,7 +320,7 @@ void loader_log(const struct loader_instance *inst, VkFlags msg_type, int32_t ms
 cmd_line_size -= 4;
 }
 if ((msg_type & LOADER_WARN_BIT) != 0) {
- if (cmd_line_size != sizeof(cmd_line_msg)) {
+ if (cmd_line_size != original_size) {
 strncat(cmd_line_msg, " | ", cmd_line_size);
 cmd_line_size -= 3;
 }
@@ -326,7 +328,7 @@ void loader_log(const struct loader_instance *inst, VkFlags msg_type, int32_t ms
 cmd_line_size -= 7;
 }
 if ((msg_type & LOADER_PERF_BIT) != 0) {
- if (cmd_line_size != sizeof(cmd_line_msg)) {
+ if (cmd_line_size != original_size) {
 strncat(cmd_line_msg, " | ", cmd_line_size);
 cmd_line_size -= 3;
 }
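Review bot: Nothing in the `@@ -311,6 +311,8 @@` hunk documents that `cmd_line_size` now counts the characters that can still be appended, terminator excluded, which is the quantity strncat's third argument expects. A comment such as `// Remaining room in cmd_line_msg, not counting the terminating NUL` above `cmd_line_size -= 1;` would record that invariant. The value is still kept in step by hand-written decrements (`-= 4`, `-= 7`, `-= 3`, …) in this and the following hunks; recomputing it after each append with `cmd_line_size = sizeof(cmd_line_msg) - 1 - strlen(cmd_line_msg);` would remove the dependence on every constant matching its literal. The "anything appended yet" tests changed in the later hunks could then read `cmd_line_msg[0] != '\0'` instead of comparing against `original_size`. loader_log's body starts before and continues after this hunk.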
@@ -334,7 +336,7 @@ void loader_log(const struct loader_instance *inst, VkFlags msg_type, int32_t ms cmd_line_size -= 4; } if ((msg_type & LOADER_ERROR_BIT) != 0) { - if (cmd_line_size != sizeof(cmd_line_msg)) { + if (cmd_line_size != original_size) { strncat(cmd_line_msg, " | ", cmd_line_size); cmd_line_size -= 3; } @@ -342,23 +344,35 @@ void loader_log(const struct loader_instance *inst, VkFlags msg_type, int32_t ms cmd_line_size -= 5; } if ((msg_type & LOADER_DEBUG_BIT) != 0) { - if (cmd_line_size != sizeof(cmd_line_msg)) { + if (cmd_line_size != original_size) { strncat(cmd_line_msg, " | ", cmd_line_size); cmd_line_size -= 3; } strncat(cmd_line_msg, "DEBUG", cmd_line_size); cmd_line_size -= 5; } - if (cmd_line_size != sizeof(cmd_line_msg)) { + if (cmd_line_size != original_size) { strncat(cmd_line_msg, ": ", cmd_line_size); cmd_line_size -= 2; } - strncat(cmd_line_msg, msg, cmd_line_size); + + if (0 < cmd_line_size) { + // If the message is too long, trim it down + if (strlen(msg) > cmd_line_size) { + msg[cmd_line_size - 1] = '\0'; + } + strncat(cmd_line_msg, msg, cmd_line_size); + } else { + // Shouldn't get here, but check to make sure if we've already overrun + // the string boundary + assert(false); + } #if defined(WIN32) OutputDebugString(cmd_line_msg); OutputDebugString("\n"); #endif + fputs(cmd_line_msg, stderr); fputc('\n', stderr); } -- cgit v1.2.3
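Review bot: The `else` branch added in the `@@ -342,23 +344,35 @@` hunk cannot detect the overrun its comment describes, because `cmd_line_size` is now a `size_t`: a decrement past zero wraps to a very large value, `0 < cmd_line_size` stays true, and strncat is then called with that bound. The decrements visible in these hunks are small, so this looks like a latent gap rather than a reachable one; comparing against the starting value closes it: `if (cmd_line_size > 0 && cmd_line_size <= original_size) {`. The trimming inside the branch is also unnecessary, since strncat appends at most `cmd_line_size` characters and then terminates the string, and `msg[cmd_line_size - 1] = '\0';` cuts one character more than has to be cut. In builds that define NDEBUG the `assert(false)` compiles away and the message is dropped without any trace, which the comment on that branch should state.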