From f2ce97224a5b6862bbc6685b7b263f16c4304d5e Mon Sep 17 00:00:00 2001 From: Andrew Kesterson Date: Sat, 10 Jan 2026 08:42:50 -0500 Subject: [PATCH] Fix a possible buffer overflow when writing to the stacktrace buffer --- include/akerror.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/akerror.h b/include/akerror.h index 47e8bc6..f0308ec 100644 --- a/include/akerror.h +++ b/include/akerror.h @@ -172,9 +172,9 @@ void error_default_logger(const char *f, ...); #define DETECT(__err_context, __stmt) \ __stmt; \ if ( __err_context != NULL ) { \ - __err_context->stacktracebufptr += sprintf(__err_context->stacktracebufptr, "%s:%s:%d: Detected error %d from heap (refcount %d)\n", (char *)__FILE__, (char *)__func__, __LINE__, __err_context->heapid, __err_context->refcount); \ + __err_context->stacktracebufptr += snprintf(__err_context->stacktracebufptr, MAX_ERROR_STACKTRACE_BUF_LENGTH, "%s:%s:%d: Detected error %d from heap (refcount %d)\n", (char *)__FILE__, (char *)__func__, __LINE__, __err_context->heapid, __err_context->refcount); \ if ( __err_context->status != 0 ) { \ - __err_context->stacktracebufptr += sprintf(__err_context->stacktracebufptr, "%s:%s:%d\n", (char *)__FILE__, (char *)__func__, __LINE__); \ + __err_context->stacktracebufptr += snprintf(__err_context->stacktracebufptr, MAX_ERROR_STACKTRACE_BUF_LENGTH, "%s:%s:%d\n", (char *)__FILE__, (char *)__func__, __LINE__); \ break; \ } \ } @@ -219,7 +219,7 @@ void error_default_logger(const char *f, ...); }; \ if ( __err_context != NULL ) { \ if ( __err_context->handled == false && __pass_up == true ) { \ - __err_context->stacktracebufptr += sprintf(__err_context->stacktracebufptr, "%s:%s:%d\n", (char *)__FILE__, (char *)__func__, __LINE__); \ + __err_context->stacktracebufptr += snprintf(__err_context->stacktracebufptr, MAX_ERROR_STACKTRACE_BUF_LENGTH, "%s:%s:%d\n", (char *)__FILE__, (char *)__func__, __LINE__); \ return __err_context; \ } \ } \