* If passed a userland pointer alloc_tracing_buffer_{memcpy,strcpy}()

checks it now. * Check for NULL pointer in alloc_tracing_buffer_strcpy(), and also determine the length of userland strings before allocating the buffer (using user_strlcpy()). git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@23619 a95241bf-73f2-0310-859d-f6bbb57e9c96
2008-01-18 19:29:43 +00:00 · 2008-01-18 19:29:43 +00:00 · 8bd6d45df3
commit 8bd6d45df3
parent 19101ba0f4
1 changed files with 16 additions and 4 deletions
--- a/src/system/kernel/debug/tracing.cpp
+++ b/src/system/kernel/debug/tracing.cpp
@ -10,6 +10,7 @@
 #include <stdlib.h>

 #include <debug.h>
+#include <kernel.h>
 #include <util/AutoLock.h>


@ -296,6 +297,9 @@ alloc_tracing_buffer(size_t size)
 uint8*
 alloc_tracing_buffer_memcpy(const void* source, size_t size, bool user)
 {
+	if (user && !IS_USER_ADDRESS(source))
+		return NULL;
+
 	uint8* buffer = alloc_tracing_buffer(size);
 	if (buffer == NULL)
 		return NULL;
@ -313,12 +317,20 @@ alloc_tracing_buffer_memcpy(const void* source, size_t size, bool user)
 char*
 alloc_tracing_buffer_strcpy(const char* source, size_t maxSize, bool user)
 {
-	if (maxSize == 0)
+	if (source == NULL || maxSize == 0)
 		return NULL;

-	// there's no user_strnlen(), so always allocate the full buffer size
-	// in this case
-	if (!user)
+	if (user && !IS_USER_ADDRESS(source))
+		return NULL;
+
+	// limit maxSize to the actual source string len
+	if (user) {
+		ssize_t size = user_strlcpy(NULL, source, 0);
+			// there's no user_strnlen()
+		if (size < 0)
+			return 0;
+		maxSize = min_c(maxSize, (size_t)size + 1);
+	} else
 		maxSize = strnlen(source, maxSize - 1) + 1;

 	char* buffer = (char*)alloc_tracing_buffer(maxSize);