
zdb: Handle theoretical buffer overflow when printing float

Description

zdb: Handle theoretical buffer overflow when printing float

CodeQL pointed out that for extreme floating point values, sprintf()
will overwrite a 32 character buffer. It cited 1e304 as an example,
which causes sprintf() to print 308 characters.

In practice, the numbers should never exceed 100, so this should not
happen. To silence the warning and also handle unexpected situations, we
change the code to use snprintf().

This was missed during my audit of our use of sprintf(), since I did
not think to consider extreme floating point representations. It also
really should not happen, so this change is purely defensive
programming.

This was found by CodeQL's cpp/overrunning-write-with-float check.

Reviewed-by: Damian Szuberski <szuberskidamian@gmail.com>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14264
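The overflow the message describes, as an added example that is not part of the commit or of the zdb code: the format string "%.2f" and the 32-byte buffer are assumptions standing in for zdb's, needed_len() measures the output with snprintf(NULL, 0, ...), and format_bounded() is the snprintf()-based pattern the fix adopts.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 32      /* the 32-character buffer the commit message describes */
/* Assumed format, standing in for zdb's: with two decimals, 1e304 (304 or
 * 305 integer digits) needs 307 or 308 characters, in line with the 308
 * the commit message cites and far beyond 32. */
#define FMT "%.2f"

/* Characters the formatted value needs (NUL excluded); snprintf with a
 * NULL buffer and size 0 measures without writing anywhere. */
size_t needed_len(double v)
{
    int n = snprintf(NULL, 0, FMT, v);
    return n < 0 ? 0 : (size_t)n;
}

/* Pre-fix pattern, shown as a comment only because running it on 1e304
 * writes ~308 bytes into a 32-byte stack buffer (undefined behaviour):
 *     char buf[32];  (void) sprintf(buf, "%.2f", v);
 *
 * Post-fix pattern: snprintf stores at most buflen-1 characters plus the
 * NUL, whatever the value. Returns 1 if the whole value fit, 0 if it was
 * truncated (a return value >= buflen is how snprintf reports that). */
int format_bounded(char *buf, size_t buflen, double v)
{
    int n = snprintf(buf, buflen, FMT, v);
    return n >= 0 && (size_t)n < buflen;
}

/* Length actually stored in a BUF_LEN buffer after the bounded write;
 * never exceeds BUF_LEN - 1, even for values that would overrun sprintf. */
size_t stored_len(double v)
{
    char buf[BUF_LEN];
    (void) format_bounded(buf, sizeof buf, v);
    return strlen(buf);
}

int main(void)
{
    const double samples[] = { 42.5, 99.99, 1e304 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6g needs %3zu chars, %2zu stored, %s\n", samples[i],
               needed_len(samples[i]), stored_len(samples[i]),
               needed_len(samples[i]) < BUF_LEN ? "fits" : "truncated");
    return 0;
}
```

Checking needed_len() against the buffer size before formatting is also how a caller can detect truncation instead of silently printing a clipped value.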

Details

Provenance
Richard Yao <richard.yao@alumni.stonybrook.edu> Authored on Dec 4 2022, 8:41 PM
Brian Behlendorf <behlendorf1@llnl.gov> Committed on Dec 8 2022, 10:15 PM
Parents
rGd30db519af44: zdb: zdb_ddt_leak_init() reads uninitialized memory when birth == 0
Branches
Unknown
Tags
Unknown

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rGf954ea26a615: zdb: Handle theoretical buffer overflow when printing float (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>). Dec 8 2022, 10:15 PM