From 8bd6d45df3777dfbeb13495d23406a2c04e19243 Mon Sep 17 00:00:00 2001
From: Ingo Weinhold
Date: Fri, 18 Jan 2008 19:29:43 +0000
Subject: [PATCH] * If passed a userland pointer alloc_tracing_buffer_{memcpy,strcpy}() checks it now. * Check for NULL pointer in alloc_tracing_buffer_strcpy(), and also determine the length of userland strings before allocating the buffer (using user_strlcpy()).
git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@23619 a95241bf-73f2-0310-859d-f6bbb57e9c96
---
src/system/kernel/debug/tracing.cpp | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/system/kernel/debug/tracing.cpp b/src/system/kernel/debug/tracing.cpp
index f713c0261a..48ab3c224f 100644
--- a/src/system/kernel/debug/tracing.cpp
+++ b/src/system/kernel/debug/tracing.cpp
@@ -10,6 +10,7 @@ #include #include +#include #include
@@ -296,6 +297,9 @@ alloc_tracing_buffer(size_t size) uint8* alloc_tracing_buffer_memcpy(const void* source, size_t size, bool user) { + if (user && !IS_USER_ADDRESS(source)) + return NULL; + uint8* buffer = alloc_tracing_buffer(size); if (buffer == NULL) return NULL;
@@ -313,12 +317,20 @@ alloc_tracing_buffer_memcpy(const void* source, size_t size, bool user) char* alloc_tracing_buffer_strcpy(const char* source, size_t maxSize, bool user) { - if (maxSize == 0) + if (source == NULL || maxSize == 0) return NULL; - // there's no user_strnlen(), so always allocate the full buffer size - // in this case - if (!user) + if (user && !IS_USER_ADDRESS(source)) + return NULL; + + // limit maxSize to the actual source string len + if (user) { + ssize_t size = user_strlcpy(NULL, source, 0); + // there's no user_strnlen() + if (size < 0) + return 0; + maxSize = min_c(maxSize, (size_t)size + 1); + } else maxSize = strnlen(source, maxSize - 1) + 1; char* buffer = (char*)alloc_tracing_buffer(maxSize);
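Review bot: The new `IS_USER_ADDRESS(source)` guard in alloc_tracing_buffer_memcpy() validates only the first byte of the range, so a userland `source` combined with a large `size` can still run past the end of the user address space. Unless the copy routine further down (outside this hunk) rejects that itself, the guard should also reject a range whose end wraps around or whose last byte, `(addr_t)source + size - 1` for a non-zero `size`, is not a user address. A short comment stating which of the two places enforces the upper bound would make the intent auditable. This variant also has no `source == NULL` check for the kernel (`!user`) path, unlike the one added to alloc_tracing_buffer_strcpy() in the next hunk; that may be intentional, but it is worth confirming.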
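Review bot: The length returned by `user_strlcpy(NULL, source, 0)` in alloc_tracing_buffer_strcpy() is read from memory that userland can still modify, so the string may be longer or unterminated by the time the real copy runs (that copy is outside this hunk). The clamped `maxSize` is therefore only a sizing hint: the later copy has to stay bounded by the allocated `maxSize` and leave the buffer NUL-terminated whatever the second read returns. I would record that next to the measurement, e.g. `// userland may change the string after this; the copy below must not trust this length`. Separately, `return 0;` in the error path should be `return NULL;` to match the other returns in this function.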