authorLutz Helwing <lutz_helwing@mentor.com>2016-03-22 11:24:33 +0100
committerAlexander Wenzel <Alexander.AW.Wenzel@bmw.de>2016-04-22 10:57:04 +0200
commit568cafbfdd548f8221d43e50c044054a363a4315 (patch)
treeaf15344a2f767fdfa32a130687861ed7c8a24876
parent4a321d5e579014b79ad486b017d90f17483c671b (diff)
downloadDLT-daemon-568cafbfdd548f8221d43e50c044054a363a4315.tar.gz
Revert truncation of string or raw block
Commit d319ebf4d2d449d70befae0eebbdd82c19c5315f introduced new handling of the situation when writing data to the user buffer would exceed its size. This was achieved by truncating the data to fit. This solution had a problem: It could lead to a buffer overflow when the updated arg_size gets negative (actually undefined value because it is unsigned). As a quick fix the behaviour is reverted to the state before the aforementioned commit. Signed-off-by: Lutz Helwing <lutz_helwing@mentor.com>
-rw-r--r--src/lib/dlt_user.c42
1 files changed, 16 insertions, 26 deletions
diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index 69fb1a4..4312047 100644
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -1404,9 +1404,8 @@ DltReturnValue dlt_user_log_write_raw(DltContextData *log, void *data, uint16_t
DltReturnValue dlt_user_log_write_raw_formatted(DltContextData *log, void *data, uint16_t length, DltFormatType type)
{
- uint16_t arg_size = 0;
- uint32_t type_info = 0;
size_t new_log_size = 0;
+ uint32_t type_info = 0;
// check nullpointer
if (log == NULL || data == NULL)
@@ -1425,18 +1424,17 @@ DltReturnValue dlt_user_log_write_raw_formatted(DltContextData *log, void *data,
return DLT_RETURN_ERROR;
}
- arg_size = (uint16_t)length;
- new_log_size = log->size + arg_size + sizeof(uint16_t);
+ new_log_size = log->size + length + sizeof(uint16_t);
if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
if (dlt_user.verbose_mode)
{
- new_log_size = log->size + arg_size + sizeof(uint32_t) + sizeof(uint16_t);
+ new_log_size = log->size + length + sizeof(uint32_t) + sizeof(uint16_t);
if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
/* Transmit type information */
type_info = DLT_TYPE_INFO_RAWD;
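Review bot: Both size checks in this hunk now reject an oversized argument with the generic `DLT_RETURN_ERROR`, so a caller cannot tell "argument dropped because the user buffer is full" from any other failure. A caller that ignores the return value ends up with a log message that silently lacks this argument. The same applies to the checks in the `dlt_user_log_write_string` and `dlt_user_log_write_utf8_string` hunks. I would state the contract at the check, e.g. `/* Argument does not fit into the user buffer: reject it whole, never truncate (truncation underflowed arg_size) */`, and repeat it in the function's header comment. If the `DltReturnValue` enum has a more specific buffer-full value, returning that here would help callers; the enum is not visible in this diff, and the function body continues outside the hunk.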
@@ -1457,11 +1455,11 @@ DltReturnValue dlt_user_log_write_raw_formatted(DltContextData *log, void *data,
}
/* First transmit length of raw data, then the raw data itself */
- memcpy((log->buffer) + log->size, &(arg_size), sizeof(uint16_t));
+ memcpy((log->buffer) + log->size, &(length), sizeof(uint16_t));
log->size += sizeof(uint16_t);
- memcpy((log->buffer) + log->size, data, arg_size);
- log->size += arg_size;
+ memcpy((log->buffer) + log->size, data, length);
+ log->size += length;
log->args_num++;
@@ -2237,14 +2235,14 @@ DltReturnValue dlt_user_log_write_string(DltContextData *log, const char *text)
new_log_size = log->size + arg_size + sizeof(uint16_t);
if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
if (dlt_user.verbose_mode)
{
new_log_size = log->size + arg_size + sizeof(uint32_t) + sizeof(uint16_t);
if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
type_info = DLT_TYPE_INFO_STRG | DLT_SCOD_ASCII;
@@ -2255,12 +2253,8 @@ DltReturnValue dlt_user_log_write_string(DltContextData *log, const char *text)
memcpy((log->buffer) + log->size, &(arg_size), sizeof(uint16_t));
log->size += sizeof(uint16_t);
- memcpy((log->buffer) + log->size, text, arg_size - 1);
- log->size += arg_size - 1;
-
- /* Of course, buffer has to be 0-terminated here */
- log->buffer[log->size] = '\000';
- log->size++;
+ memcpy((log->buffer) + log->size, text, arg_size);
+ log->size += arg_size;
log->args_num++;
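Review bot: With the explicit terminator write removed, the transmitted string is NUL-terminated only if `arg_size` really equals `strlen(text) + 1`. The assignment of `arg_size` is outside this hunk. If it narrows `strlen(text) + 1` to `uint16_t`, a text of 65535 bytes or more wraps to a small value, passes the size check, and is then copied without its terminator and with a wrong length field. I would range-check before narrowing, e.g. `size_t text_len = strlen(text) + 1;` followed by `if (text_len > UINT16_MAX) return DLT_RETURN_ERROR;`. The last hunk, in `dlt_user_log_write_utf8_string`, has the same dependency.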
@@ -2292,14 +2286,14 @@ DltReturnValue dlt_user_log_write_utf8_string(DltContextData *log, const char *t
new_log_size = log->size + arg_size + sizeof(uint16_t);
if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
if (dlt_user.verbose_mode)
{
new_log_size = log->size + arg_size + sizeof(uint32_t) + sizeof(uint16_t);
if (new_log_size > DLT_USER_BUF_MAX_SIZE)
- arg_size -= new_log_size - DLT_USER_BUF_MAX_SIZE;
+ return DLT_RETURN_ERROR;
type_info = DLT_TYPE_INFO_STRG | DLT_SCOD_UTF8;
@@ -2310,12 +2304,8 @@ DltReturnValue dlt_user_log_write_utf8_string(DltContextData *log, const char *t
memcpy((log->buffer) + log->size, &(arg_size), sizeof(uint16_t));
log->size += sizeof(uint16_t);
- memcpy((log->buffer) + log->size, text, arg_size - 1);
- log->size += arg_size - 1;
-
- /* Of course, buffer has to be 0-terminated here */
- log->buffer[log->size] = '\000';
- log->size++;
+ memcpy((log->buffer) + log->size, text, arg_size);
+ log->size += arg_size;
log->args_num++;