Fix: SEGFAULT caused by va_list usage in error message generation
#356
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bigerl
approved these changes
Mar 31, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes a SEGFAULT caused by invalid
va_listusage.Bug Description
Serd's API is written in terms of
vprintfcompatibility (i.e. you need to generate the message viav*printf*andchar const *fmt, va_list args)Since we want to put the message in a buffer instead of printing it directly, we are using
vsnprintf. This involves two calls tovsnprintf, one to figure out how big the buffer should be and another one to actually fill the buffer with the message. As it turns out the first call tovsnprintfconsumed theva_list, therefore the second call tovsnprintfwould overread into garbage. Sometimes this overread would just produce garbage messages, sometimes it would trigger a SEGFAULT.Fix
We just need to
va_copythe list for the first call. Additionally, I added some more stuff to make the code more robust.