Use snprintf to prevent buffer overflows in format_exception_msg.

This commit is contained in:
Francois Gouget 2001-04-23 18:24:38 +00:00 committed by Alexandre Julliard
parent c4efb32c7e
commit ec0bff1585
1 changed files with 32 additions and 24 deletions

View File

@ -69,75 +69,83 @@ void WINAPI RaiseException( DWORD code, DWORD flags, DWORD nbargs, const LPDWORD
/******************************************************************* /*******************************************************************
* format_exception_msg * format_exception_msg
*/ */
static void format_exception_msg( const EXCEPTION_POINTERS *ptr, char *buffer ) static int format_exception_msg( const EXCEPTION_POINTERS *ptr, char *buffer, int size )
{ {
const EXCEPTION_RECORD *rec = ptr->ExceptionRecord; const EXCEPTION_RECORD *rec = ptr->ExceptionRecord;
int len,len2;
switch(rec->ExceptionCode) switch(rec->ExceptionCode)
{ {
case EXCEPTION_INT_DIVIDE_BY_ZERO: case EXCEPTION_INT_DIVIDE_BY_ZERO:
sprintf( buffer, "Unhandled division by zero" ); len = snprintf( buffer, size, "Unhandled division by zero" );
break; break;
case EXCEPTION_INT_OVERFLOW: case EXCEPTION_INT_OVERFLOW:
sprintf( buffer, "Unhandled overflow" ); len = snprintf( buffer, size, "Unhandled overflow" );
break; break;
case EXCEPTION_ARRAY_BOUNDS_EXCEEDED: case EXCEPTION_ARRAY_BOUNDS_EXCEEDED:
sprintf( buffer, "Unhandled array bounds" ); len = snprintf( buffer, size, "Unhandled array bounds" );
break; break;
case EXCEPTION_ILLEGAL_INSTRUCTION: case EXCEPTION_ILLEGAL_INSTRUCTION:
sprintf( buffer, "Unhandled illegal instruction" ); len = snprintf( buffer, size, "Unhandled illegal instruction" );
break; break;
case EXCEPTION_STACK_OVERFLOW: case EXCEPTION_STACK_OVERFLOW:
sprintf( buffer, "Unhandled stack overflow" ); len = snprintf( buffer, size, "Unhandled stack overflow" );
break; break;
case EXCEPTION_PRIV_INSTRUCTION: case EXCEPTION_PRIV_INSTRUCTION:
sprintf( buffer, "Unhandled priviledged instruction" ); len = snprintf( buffer, size, "Unhandled priviledged instruction" );
break; break;
case EXCEPTION_ACCESS_VIOLATION: case EXCEPTION_ACCESS_VIOLATION:
if (rec->NumberParameters == 2) if (rec->NumberParameters == 2)
sprintf( buffer, "Unhandled page fault on %s access to 0x%08lx", len = snprintf( buffer, size, "Unhandled page fault on %s access to 0x%08lx",
rec->ExceptionInformation[0] ? "write" : "read", rec->ExceptionInformation[0] ? "write" : "read",
rec->ExceptionInformation[1]); rec->ExceptionInformation[1]);
else else
sprintf( buffer, "Unhandled page fault"); len = snprintf( buffer, size, "Unhandled page fault");
break; break;
case EXCEPTION_DATATYPE_MISALIGNMENT: case EXCEPTION_DATATYPE_MISALIGNMENT:
sprintf( buffer, "Unhandled alignment" ); len = snprintf( buffer, size, "Unhandled alignment" );
break; break;
case CONTROL_C_EXIT: case CONTROL_C_EXIT:
sprintf( buffer, "Unhandled ^C"); len = snprintf( buffer, size, "Unhandled ^C");
break; break;
case EXCEPTION_CRITICAL_SECTION_WAIT: case EXCEPTION_CRITICAL_SECTION_WAIT:
sprintf( buffer, "Critical section %08lx wait failed", len = snprintf( buffer, size, "Critical section %08lx wait failed",
rec->ExceptionInformation[0]); rec->ExceptionInformation[0]);
break; break;
case EXCEPTION_WINE_STUB: case EXCEPTION_WINE_STUB:
sprintf( buffer, "Unimplemented function %s.%s called", len = snprintf( buffer, size, "Unimplemented function %s.%s called",
(char *)rec->ExceptionInformation[0], (char *)rec->ExceptionInformation[1] ); (char *)rec->ExceptionInformation[0], (char *)rec->ExceptionInformation[1] );
break; break;
case EXCEPTION_VM86_INTx: case EXCEPTION_VM86_INTx:
sprintf( buffer, "Unhandled interrupt %02lx in vm86 mode", len = snprintf( buffer, size, "Unhandled interrupt %02lx in vm86 mode",
rec->ExceptionInformation[0]); rec->ExceptionInformation[0]);
break; break;
case EXCEPTION_VM86_STI: case EXCEPTION_VM86_STI:
sprintf( buffer, "Unhandled sti in vm86 mode"); len = snprintf( buffer, size, "Unhandled sti in vm86 mode");
break; break;
case EXCEPTION_VM86_PICRETURN: case EXCEPTION_VM86_PICRETURN:
sprintf( buffer, "Unhandled PIC return in vm86 mode"); len = snprintf( buffer, size, "Unhandled PIC return in vm86 mode");
break; break;
default: default:
sprintf( buffer, "Unhandled exception 0x%08lx", rec->ExceptionCode); len = snprintf( buffer, size, "Unhandled exception 0x%08lx", rec->ExceptionCode);
break; break;
} }
if ((len<0) || (len>=size))
return -1;
#ifdef __i386__ #ifdef __i386__
if (ptr->ContextRecord->SegCs != __get_cs()) if (ptr->ContextRecord->SegCs != __get_cs())
sprintf( buffer+strlen(buffer), " at address 0x%04lx:0x%08lx.\n", len2 = snprintf(buffer+len, size-len,
ptr->ContextRecord->SegCs, (DWORD)ptr->ExceptionRecord->ExceptionAddress ); " at address 0x%04lx:0x%08lx.\nDo you wish to debug it ?",
ptr->ContextRecord->SegCs,
(DWORD)ptr->ExceptionRecord->ExceptionAddress);
else else
#endif #endif
sprintf( buffer+strlen(buffer), " at address 0x%08lx.\n", len2 = snprintf(buffer+len, size-len,
" at address 0x%08lx.\nDo you wish to debug it ?",
(DWORD)ptr->ExceptionRecord->ExceptionAddress); (DWORD)ptr->ExceptionRecord->ExceptionAddress);
strcat( buffer, "Do you wish to debug it ?" ); if ((len2<0) || (len>=size-len))
return -1;
return len+len2;
} }
@ -252,8 +260,8 @@ DWORD WINAPI UnhandledExceptionFilter(PEXCEPTION_POINTERS epointers)
if (mod) pMessageBoxA = (MessageBoxA_funcptr)GetProcAddress( mod, "MessageBoxA" ); if (mod) pMessageBoxA = (MessageBoxA_funcptr)GetProcAddress( mod, "MessageBoxA" );
if (pMessageBoxA) if (pMessageBoxA)
{ {
format_exception_msg( epointers, buffer ); format_exception_msg( epointers, buffer, sizeof(buffer) );
if (pMessageBoxA( 0, buffer, "Error", MB_YESNO | MB_ICONHAND ) == IDNO) if (pMessageBoxA( 0, buffer, "Exception raised", MB_YESNO | MB_ICONHAND ) == IDNO)
{ {
TRACE("Killing process\n"); TRACE("Killing process\n");
return EXCEPTION_EXECUTE_HANDLER; return EXCEPTION_EXECUTE_HANDLER;