From 544a7c9e84f794b2f2567f76217adf57b608f55e Mon Sep 17 00:00:00 2001
From: Christine Caulfield
Date: Thu, 1 Jun 2023 08:23:38 +0100
Subject: [PATCH] blackbox: fix potential overlow/memory corruption if the message was too long, then msg_len was added to the buffer size twice, thus causing potential data corruption (seen VERY rarely in the CI test - or, at least, I think it was this). Also fix a double close() spotted by gcc13's -fanalyzer
---
 lib/log_blackbox.c | 1 -
 lib/unix.c | 5 +++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/log_blackbox.c b/lib/log_blackbox.c
index 1e92ae5e..3e305049 100644
--- a/lib/log_blackbox.c
+++ b/lib/log_blackbox.c
@@ -118,7 +118,6 @@ _blackbox_vlogger(int32_t target,
 msg_len = qb_vsnprintf_serialize(chunk, QB_LOG_MAX_LEN,
 "Log message too long to be stored in the blackbox. "\
 "Maximum is QB_LOG_MAX_LEN" , ap);
- actual_size += msg_len;
 }
 actual_size += msg_len;
diff --git a/lib/unix.c b/lib/unix.c
index f59cd0b1..6bd3cc24 100644
--- a/lib/unix.c
+++ b/lib/unix.c
@@ -273,17 +273,18 @@ qb_sys_circular_mmap(int32_t fd, void **buf, size_t bytes)
 res = close(fd);
 if (res) {
- goto cleanup_fail;
+ goto cleanup_fail_noclose;
 }
 *buf = addr_orig;
 return 0;
 cleanup_fail:
+ close(fd);
+cleanup_fail_noclose:
 if (addr_orig) {
 munmap(addr_orig, bytes << 1);
 }
- close(fd);
 return res;
 }
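Review bot: In lib/log_blackbox.c, nothing documents or tests the size accounting this hunk corrects. After the removal, the `actual_size += msg_len;` that follows the `if` block is the only place the message length is counted, for both the normal and the too-long path. A comment there such as `/* msg_len is counted exactly once, here, for both paths; adding it inside the branch double-counts and overruns the chunk */` would guard against the duplicate line coming back. Since the commit message is not sure this was the CI failure, a test that logs a message longer than QB_LOG_MAX_LEN and reads the blackbox back would confirm the fix. _blackbox_vlogger starts and ends outside the hunk.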
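Review bot: In lib/unix.c, the failed-`close(fd)` path now jumps to `cleanup_fail_noclose` and returns `res` exactly as close() left it, a bare -1 rather than a code derived from errno. If the other failure paths of qb_sys_circular_mmap (outside this hunk) return `-errno`, callers will read this as a different, unrelated error; consider `res = -errno;` before `goto cleanup_fail_noclose;`. A short comment on the new label, e.g. `/* fd is already closed or close() failed: must not close again */`, would keep a later edit from reintroducing the double close, which matters because a second close can hit a descriptor another thread has since reused. The function body starts outside the hunk.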