Fix bugs in [v]snprintf usage

When calling snprintf, supply the full buffer size instead of
one byte less.

When using the returned length from vsnprintf for logging, don't write
more than the actual buffer size (minus one for the trailing \0), in
case the formatted string was truncated.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/engines/falloc.c b/engines/falloc.c
index 525a0aae922d0e2d024122ba5e23ebcb24cbaf83..4654fe817aaeccbd4e70b20c060990c1562dd33e 100644 (file)
--- a/engines/falloc.c
+++ b/engines/falloc.c
@@ -44,7 +44,7 @@ open_again:
        if (f->fd == -1) {
                char buf[FIO_VERROR_SIZE];
                int __e = errno;
-               snprintf(buf, sizeof(buf) - 1, "open(%s)", f->file_name);
+               snprintf(buf, sizeof(buf), "open(%s)", f->file_name);
                td_verror(td, __e, buf);
        }
 

diff --git a/filesetup.c b/filesetup.c
index 6f0a876dd1b5dfc6f5b7ebe6e02324284cf136ab..5aadf126311b9322668c3e835b673126949fa4d5 100644 (file)
--- a/filesetup.c
+++ b/filesetup.c
@@ -563,7 +563,7 @@ open_again:
                if (__e == EMFILE && file_close_shadow_fds(td))
                        goto open_again;
 
-               snprintf(buf, sizeof(buf) - 1, "open(%s)", f->file_name);
+               snprintf(buf, sizeof(buf), "open(%s)", f->file_name);
 
                if (__e == EINVAL && (flags & OS_O_DIRECT)) {
                        log_err("fio: looks like your file system does not " \
@@ -1250,7 +1250,7 @@ static int recurse_dir(struct thread_data *td, const char *dirname)
        if (!D) {
                char buf[FIO_VERROR_SIZE];
 
-               snprintf(buf, FIO_VERROR_SIZE - 1, "opendir(%s)", dirname);
+               snprintf(buf, FIO_VERROR_SIZE, "opendir(%s)", dirname);
                td_verror(td, errno, buf);
                return 1;
        }

diff --git a/fio.h b/fio.h
index 2fd354a94c742d52b210787f5cc8bcb6d0f9fb23..d18029a04af7b8fe20a854c723e588261170e7fc 100644 (file)
--- a/fio.h
+++ b/fio.h
@@ -568,7 +568,7 @@ enum {
                int e = (err);                                          \
                (td)->error = e;                                        \
                if (!(td)->first_error)                                 \
-                       snprintf(td->verror, sizeof(td->verror) - 1, "file:%s:%d, func=%s, error=%s", __FILE__, __LINE__, (func), (msg));               \
+                       snprintf(td->verror, sizeof(td->verror), "file:%s:%d, func=%s, error=%s", __FILE__, __LINE__, (func), (msg));           \
        } while (0)
 
 

diff --git a/init.c b/init.c
index f0ad01936a33bf136dc1bc7f7b54d4d9a4657626..dfc5a8fe981b12c2a55bcf0eeada5772e3d9d03f 100644 (file)
--- a/init.c
+++ b/init.c
@@ -627,7 +627,7 @@ static char *to_kmg(unsigned int val)
                p++;
        } while (*p);
 
-       snprintf(buf, 31, "%u%c", val, *p);
+       snprintf(buf, 32, "%u%c", val, *p);
        return buf;
 }
 

diff --git a/iolog.c b/iolog.c
index 12f09d0ec019b075625fd6a4f016337657c9e151..e4c1fef9cb6ff802e3f5dffce4e24a0004565ad4 100644 (file)
--- a/iolog.c
+++ b/iolog.c
@@ -534,7 +534,7 @@ void finish_log_named(struct thread_data *td, struct io_log *log,
 {
        char file_name[256], *p;
 
-       snprintf(file_name, 200, "%s_%s.log", prefix, postfix);
+       snprintf(file_name, sizeof(file_name), "%s_%s.log", prefix, postfix);
        p = basename(file_name);
        __finish_log(log, p);
 }

diff --git a/log.c b/log.c
index af974f85b594abc1951b4bfb77ad625f4887b529..08509b32b0150f85a55d76c38776d00d856be159 100644 (file)
--- a/log.c
+++ b/log.c
@@ -12,6 +12,7 @@ int log_valist(const char *str, va_list args)
        size_t len;
 
        len = vsnprintf(buffer, sizeof(buffer), str, args);
+       len = min(len, sizeof(buffer) - 1);
 
        if (log_syslog)
                syslog(LOG_INFO, "%s", buffer);
@@ -40,6 +41,7 @@ int log_local(const char *format, ...)
        va_start(args, format);
        len = vsnprintf(buffer, sizeof(buffer), format, args);
        va_end(args);
+       len = min(len, sizeof(buffer) - 1);
 
        if (log_syslog)
                syslog(LOG_INFO, "%s", buffer);
@@ -58,6 +60,7 @@ int log_info(const char *format, ...)
        va_start(args, format);
        len = vsnprintf(buffer, sizeof(buffer), format, args);
        va_end(args);
+       len = min(len, sizeof(buffer) - 1);
 
        if (is_backend)
                return fio_server_text_output(buffer, len);
@@ -77,6 +80,7 @@ int log_err(const char *format, ...)
        va_start(args, format);
        len = vsnprintf(buffer, sizeof(buffer), format, args);
        va_end(args);
+       len = min(len, sizeof(buffer) - 1);
 
        if (is_backend)
                return fio_server_text_output(buffer, len);

diff --git a/server.c b/server.c
index 7ec8531964e15b45f5a13df9e104175482498f0f..ad785720fa0010b681e6d6c5d28e153480fd8e6d 100644 (file)
--- a/server.c
+++ b/server.c
@@ -811,6 +811,7 @@ int fio_server_log(const char *format, ...)
        va_start(args, format);
        len = vsnprintf(buffer, sizeof(buffer), format, args);
        va_end(args);
+       len = min(len, sizeof(buffer) - 1);
 
        return fio_server_text_output(buffer, len);
 }

diff --git a/stat.c b/stat.c
index 7e2feea25bc907ee41bf776bd4053ebfa01112bc..62eee9ab8736714d5518520c6995d3910c9169cb 100644 (file)
--- a/stat.c
+++ b/stat.c
@@ -753,7 +753,7 @@ static void add_ddir_status_json(struct thread_stat *ts,
                        json_object_add_value_int(percentile_object, "0.00", 0);
                        continue;
                }
-               snprintf(buf, sizeof(buf) - 1, "%2.2f", ts->percentile_list[i].u.f);
+               snprintf(buf, sizeof(buf), "%2.2f", ts->percentile_list[i].u.f);
                json_object_add_value_int(percentile_object, (const char *)buf, ovals[i]);
        }
 
@@ -959,9 +959,9 @@ static struct json_object *show_thread_status_json(struct thread_stat *ts,
        for (i = 0; i < 7; i++) {
                char name[20];
                if (i < 6)
-                       snprintf(name, 19, "%d", 1 << i);
+                       snprintf(name, 20, "%d", 1 << i);
                else
-                       snprintf(name, 19, ">=%d", 1 << i);
+                       snprintf(name, 20, ">=%d", 1 << i);
                json_object_add_value_float(tmp, (const char *)name, io_u_dist[i]);
        }
 

diff --git a/t/log.c b/t/log.c
index ac0230324717f61d736d380400d5152dace86d7c..76ae68edc7c88a04ef1fe4bacc13874962250f8b 100644 (file)
--- a/t/log.c
+++ b/t/log.c
@@ -10,6 +10,7 @@ int log_err(const char *format, ...)
        va_start(args, format);
        len = vsnprintf(buffer, sizeof(buffer), format, args);
        va_end(args);
+       len = min(len, sizeof(buffer) - 1);
 
        return fwrite(buffer, len, 1, stderr);
 }
@@ -23,6 +24,7 @@ int log_info(const char *format, ...)
        va_start(args, format);
        len = vsnprintf(buffer, sizeof(buffer), format, args);
        va_end(args);
+       len = min(len, sizeof(buffer) - 1);
 
        return fwrite(buffer, len, 1, stdout);
 }