Ticket #648 (reopened defect)
segfault due to wrong string handling in CPSV/DTSV at logging
| Reported by: | bertil.engelholm@… | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 4.0.3.GA |
| Component: | saf/cpsv | Version: | |
| Keywords: | | Cc: | |
| patch waiting for maintainer: | yes | | |
Description
When CPND logs e.g. Ckpt Sect Get Failed (e.g. in ckpt_evt_proc_ckpt_sect_exp_set) it tries to include the sect_id.id as a string. The problem is that this string doesn't seem to be null terminated, so garbage data is added to the log string. When this string is later sent to the device (using fprintf in dts_pvt.c:dtsv_log_msg) this garbage data might accidentally be interpreted as an fprintf format string (e.g. %s), which will make fprintf expect additional arguments. But this argument is not included by dtsv_log_msg, so fprintf seems to use garbage data, causing a segfault.
So the formatting of sect_id needs to be changed so that garbage data is not added to the log string, and the fprintf in dtsv_log_msg should be changed to e.g. fwrite, since the only thing that should be done here is to send a string to the device. There shouldn't be any format characters in the string at this point, so using fprintf is unnecessary (it only costs extra execution time to look for format strings that are not there).
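The two defects described in the ticket, as an added example that is not code from the ticket or from the CPSV/DTSV sources: a length-counted id copied with %s picks up whatever bytes follow it, and a message that is later passed to fprintf as its format string gets its %-directives interpreted. The struct sect_id_t, the function names, the log text and the sample bytes are assumptions constructed for illustration; the hardened variants bound the copy with %.*s and write the finished message with fwrite.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical section id: a length-counted byte string that is NOT
   guaranteed to be NUL-terminated (modelled on the sect_id.id the ticket
   describes, not copied from the CPSV sources). */
typedef struct {
    unsigned short idLen;
    unsigned char  id[32];
} sect_id_t;

#define LOG_PREFIX "Ckpt Sect Get Failed: sect_id="

/* Unsafe: %s reads until the first NUL byte, so whatever sits in id[]
   after the first idLen bytes is copied into the log message. */
int format_log_unsafe(char *out, size_t outsz, const sect_id_t *sid)
{
    return snprintf(out, outsz, LOG_PREFIX "%s", (const char *)sid->id);
}

/* Safe: the precision argument of %.*s bounds the copy to idLen bytes,
   so trailing garbage never reaches the message. */
int format_log_safe(char *out, size_t outsz, const sect_id_t *sid)
{
    return snprintf(out, outsz, LOG_PREFIX "%.*s",
                    (int)sid->idLen, (const char *)sid->id);
}

/* Guard for a printf-style sink: does the message contain a conversion
   directive that fprintf(dev, msg) would try to act on?  A literal "%%"
   is skipped; a lone trailing '%' counts as a directive. */
int has_format_directive(const char *msg)
{
    for (const char *p = msg; (p = strchr(p, '%')) != NULL; ) {
        if (p[1] == '%') { p += 2; continue; }
        return 1;
    }
    return 0;
}

/* Safe sink (the fix suggested for dtsv_log_msg): the message is data,
   not a format string, so write its bytes as-is.  0 on success, -1 on a
   short write. */
int log_msg_safe(FILE *dev, const char *msg)
{
    size_t len = strlen(msg);
    return fwrite(msg, 1, len, dev) == len ? 0 : -1;
}

/* Helper: log to a temporary file and read it back, returning the byte
   count written (or -1). */
long log_and_readback(const char *msg, char *buf, size_t bufsz)
{
    FILE *dev = tmpfile();
    if (!dev) return -1;
    if (log_msg_safe(dev, msg) != 0) { fclose(dev); return -1; }
    rewind(dev);
    size_t n = fread(buf, 1, bufsz - 1, dev);
    buf[n] = '\0';
    fclose(dev);
    return (long)n;
}

/* Constructed sample: a 6-byte id followed by leftover bytes that happen
   to look like format directives, with no NUL until after them. */
void make_sample(sect_id_t *sid)
{
    memset(sid, 0, sizeof *sid);
    memcpy(sid->id, "sect-1%s%n", 10);  /* only the first 6 bytes are the id */
    sid->idLen = 6;
}

int main(void)
{
    sect_id_t sid;
    char msg[128];
    make_sample(&sid);
    format_log_unsafe(msg, sizeof msg, &sid);
    printf("unsafe: %s  (directive present: %d)\n", msg, has_format_directive(msg));
    format_log_safe(msg, sizeof msg, &sid);
    printf("safe:   %s  (directive present: %d)\n", msg, has_format_directive(msg));
    return 0;
}
```

Note that fixing only the sink is not enough: with fwrite the garbage no longer crashes the process, but it still ends up in the log, so the %.*s bound on the id is needed as well. If the sink has to stay printf-based for other reasons, fprintf(dev, "%s", msg) is equivalent to the fwrite form; what must never happen is passing the assembled message in the format-string position.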
