From 68da198e67ef88a55dfb184b804b91534d9406fc Mon Sep 17 00:00:00 2001
From: Elijah Conners
Date: Tue, 19 Jul 2022 22:37:47 -0700
Subject: fix(mutex): safely call snprintf

In the PostSynchEvent() function, the pos integer uses an implementation of snprintf that is fundamentally unsafe: since the return value of snprintf is the number of characters that would have been written to the buffer, if an operation reaches the end of the buffer with more than one character discarded, the return value will be greater than the buffer size, requiring a check of the buffer's current size.

Signed-off-by: Elijah Conners
---
 absl/synchronization/mutex.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'absl/synchronization/mutex.cc')

diff --git a/absl/synchronization/mutex.cc b/absl/synchronization/mutex.cc
index 52e2455d..1e3ca35a 100644
--- a/absl/synchronization/mutex.cc
+++ b/absl/synchronization/mutex.cc
@@ -430,7 +430,11 @@ static void PostSynchEvent(void *obj, int ev) {
 char buffer[ABSL_ARRAYSIZE(pcs) * 24];
 int pos = snprintf(buffer, sizeof (buffer), " @");
 for (int i = 0; i != n; i++) {
- pos += snprintf(&buffer[pos], sizeof (buffer) - pos, " %p", pcs[i]);
+ int b += snprintf(&buffer[pos], sizeof (buffer) - pos, " %p", pcs[i]);
+ if (b < 0 || b >= sizeof (buffer) - pos) {
+ break;
+ }
+ pos += b;
 }
 ABSL_RAW_LOG(INFO, "%s%p %s %s", event_properties[ev].msg, obj,
 (e == nullptr ? "" : e->name), buffer);
-- cgit v1.2.3
From 0e0d8054dc5b8090668eed5f376d218ff2b50225 Mon Sep 17 00:00:00 2001
From: Elijah Conners
Date: Thu, 21 Jul 2022 13:18:12 -0700
Subject: fix: properly create the b integer

Signed-off-by: Elijah Conners
---
 absl/synchronization/mutex.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'absl/synchronization/mutex.cc')

diff --git a/absl/synchronization/mutex.cc b/absl/synchronization/mutex.cc
index 1e3ca35a..69ef9135 100644
--- a/absl/synchronization/mutex.cc
+++ b/absl/synchronization/mutex.cc
@@ -430,7 +430,7 @@ static void PostSynchEvent(void *obj, int ev) {
 char buffer[ABSL_ARRAYSIZE(pcs) * 24];
 int pos = snprintf(buffer, sizeof (buffer), " @");
 for (int i = 0; i != n; i++) {
- int b += snprintf(&buffer[pos], sizeof (buffer) - pos, " %p", pcs[i]);
+ int b = snprintf(&buffer[pos], sizeof (buffer) - pos, " %p", pcs[i]);
 if (b < 0 || b >= sizeof (buffer) - pos) {
 break;
 }
-- cgit v1.2.3
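Review bot: The truncation guard on the new side of this hunk compares the `int` result `b` against the `size_t` expression `sizeof (buffer) - pos`, so `b` is converted to unsigned for the comparison; that is only safe because `b < 0` is tested first, and it trips -Wsign-compare in a tree that builds with warnings on. Making the intent explicit, `if (b < 0 || (size_t)b >= sizeof (buffer) - pos) {`, keeps the check correct and silences the warning. The initial `int pos = snprintf(buffer, sizeof (buffer), " @");` three lines up is still unchecked; the buffer of `ABSL_ARRAYSIZE(pcs) * 24` bytes is presumably large enough for the two-character prefix today, but if either changes `pos` could exceed `sizeof (buffer)` and the subtraction would wrap to a huge size before the new guard ever runs, so it is worth a one-line comment or the same `pos < 0 || (size_t)pos >= sizeof (buffer)` check. The enclosing PostSynchEvent starts and ends outside the hunk.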