Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(413)

Issue 334001: Replace readlink calls with a safer version that guarantees NULL-termination. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
12 years, 11 months ago by Ben Chan
Modified:
12 years, 11 months ago
CC:
google-breakpad-dev_googlegroups.com
Base URL:
http://google-breakpad.googlecode.com/svn/trunk/
Visibility:
Public.

Description

Replace readlink calls with a safer version that guarantees NULL-termination.

This patch is part of a bigger patch that helps merging the breakpad code
with the modified version in Chromium OS.

Specifically, this patch makes the following changes:
1. Add a SafeReadLink function that wraps sys_readlink() to resolve a
   symbolic link but guarantees the result is NULL-terminated on success.
2. Refactor other source code to use SafeReadLink instead of readlink()
   or sys_readlink().

BUG=455
TEST=Tested the following:
1. Build on 32-bit and 64-bit Linux with gcc 4.4.3 and gcc 4.6.
2. Build on Mac OS X 10.6.8 with gcc 4.2 and clang 3.0 (with latest gmock).
3. All unit tests pass.
4. Run minidump-2-core to covnert a minidump file to a core file.

Patch Set 1 #

Total comments: 10

Patch Set 2 : '' #

Total comments: 2

Patch Set 3 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats Patch
M Makefile.am View 4 chunks +6 lines, -1 line 0 comments Download
M Makefile.in View 17 chunks +59 lines, -3 lines 0 comments Download
M src/client/linux/crash_generation/crash_generation_server.cc View 1 2 3 chunks +4 lines, -5 lines 0 comments Download
M src/client/linux/minidump_writer/linux_dumper.cc View 1 2 2 chunks +2 lines, -3 lines 0 comments Download
M src/client/linux/minidump_writer/linux_dumper_unittest.cc View 1 2 3 chunks +3 lines, -4 lines 0 comments Download
M src/client/linux/minidump_writer/minidump_writer_unittest.cc View 1 2 2 chunks +3 lines, -2 lines 0 comments Download
M src/common/linux/file_id_unittest.cc View 1 2 2 chunks +3 lines, -3 lines 0 comments Download
A src/common/linux/safe_readlink.cc View 1 2 1 chunk +53 lines, -0 lines 0 comments Download
A src/common/linux/safe_readlink.h View 1 2 1 chunk +65 lines, -0 lines 0 comments Download
A src/common/linux/safe_readlink_unittest.cc View 1 2 1 chunk +89 lines, -0 lines 0 comments Download

Messages

Total messages: 7
Ben Chan
12 years, 11 months ago #1
Ben Chan
http://breakpad.appspot.com/334001/diff/1/4 File src/client/linux/crash_generation/crash_generation_server.cc (right): http://breakpad.appspot.com/334001/diff/1/4#newcode83 Line 83: char buf[256]; Should it be changed to NAME_MAX ...
12 years, 11 months ago #2
Lei Zhang (chromium)
http://breakpad.appspot.com/334001/diff/1/4 File src/client/linux/crash_generation/crash_generation_server.cc (right): http://breakpad.appspot.com/334001/diff/1/4#newcode83 Line 83: char buf[256]; On 2011/12/19 21:17:24, Ben Chan wrote: ...
12 years, 11 months ago #3
Ben Chan
http://breakpad.appspot.com/334001/diff/1/4 File src/client/linux/crash_generation/crash_generation_server.cc (right): http://breakpad.appspot.com/334001/diff/1/4#newcode83 Line 83: char buf[256]; On 2011/12/19 21:58:31, thestig wrote: > ...
12 years, 11 months ago #4
Lei Zhang (chromium)
On 2011/12/19 22:54:22, Ben Chan wrote: > On 2011/12/19 21:58:31, thestig wrote: > > Does ...
12 years, 11 months ago #5
Ted Mielczarek
Just one comment, LGO http://breakpad.appspot.com/334001/diff/3003/4008 File src/common/linux/safe_readlink.cc (right): http://breakpad.appspot.com/334001/diff/3003/4008#newcode39 Line 39: bool SafeReadLink(const char* path, ...
12 years, 11 months ago #6
Ben Chan
12 years, 11 months ago #7
http://breakpad.appspot.com/334001/diff/3003/4008
File src/common/linux/safe_readlink.cc (right):

http://breakpad.appspot.com/334001/diff/3003/4008#newcode39
Line 39: bool SafeReadLink(const char* path, char* buffer, size_t* buffer_size)
{
On 2011/12/20 12:44:05, Ted Mielczarek wrote:
> I agree that buffer_size should just be an input param. I think you could go
one
> step further and add a helper template in the header that avoids the need to
> pass the size when passing an array, like:
> template<size_t N>
> bool SafeReadLink(const char* path, char (&buffer)[N]) {
>   return SafeReadLink(path, buffer, N);
> }
> 
> Since most of the callers are passing arrays anyway, this would save one
> parameter but still be safe.

Done.

Thanks for the inputs. I've changed the function based on the consensus such
that |buffer_size| is a simple input argument. Also added the template helper as
you suggested.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1004:630ec63f810e-tainted