[Sanitizer] Fix false positive in printf interceptors: properly handle precision for %s

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@199895 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 13 insertions, 2 deletions

diff --git a/lib/sanitizer_common/sanitizer_common_interceptors_format.inc b/lib/sanitizer_common/sanitizer_common_interceptors_format.inc
index 1940deeef..40ebef2b1 100644
--- a/lib/sanitizer_common/sanitizer_common_interceptors_format.inc
+++ b/lib/sanitizer_common/sanitizer_common_interceptors_format.inc
@@ -381,7 +381,8 @@ static const char *maybe_parse_number_or_star(const char *p, int *out,
 // Parse printf format string. Same as scanf_parse_next.
 static const char *printf_parse_next(const char *p, PrintfDirective *dir) {
   internal_memset(dir, 0, sizeof(*dir));
-  dir->argIdx = dir->precisionIdx = -1;
+  dir->argIdx = -1;
+  dir->precisionIdx = -1;
 
   while (*p) {
     if (*p != '%') {
@@ -526,7 +527,17 @@ static void printf_common(void *ctx, const char *format, va_list aq) {
       continue;
     } else if (size == FSS_STRLEN) {
       if (void *argp = va_arg(aq, void *)) {
-        size = internal_strlen((const char *)argp) + 1;
+        if (dir.starredPrecision) {
+          // FIXME: properly support starred precision for strings.
+          size = 0;
+        } else if (dir.fieldPrecision > 0) {
+          // Won't read more than "precision" symbols.
+          size = internal_strnlen((const char *)argp, dir.fieldPrecision);
+          if (size < dir.fieldPrecision) size++;
+        } else {
+          // Whole string will be accessed.
+          size = internal_strlen((const char *)argp) + 1;
+        }
         COMMON_INTERCEPTOR_READ_RANGE(ctx, argp, size);
       }
     } else {