diff --git a/trunk/src/app/srs_app_latest_version.cpp b/trunk/src/app/srs_app_latest_version.cpp
index 1efa25810..f588e17ff 100644
--- a/trunk/src/app/srs_app_latest_version.cpp
+++ b/trunk/src/app/srs_app_latest_version.cpp
@@ -178,11 +178,15 @@ srs_error_t SrsLatestVersion::start()
 uuid_t uuid;
 uuid_generate_time(uuid);
- char buf[32];
+ // Must reserve last 1 byte for the trailing '\0', because we expect the size of uuid string is 32 bytes.
+ char buf[32 + 1];
+ srs_assert(16 == sizeof(uuid_t));
+
 for (int i = 0; i < 16; i++) {
- snprintf(buf + i * 2, sizeof(buf), "%02x", uuid[i]);
+ int r0 = snprintf(buf + i * 2, sizeof(buf) - i * 2, "%02x", uuid[i]);
+ srs_assert(r0 > 0 && r0 < sizeof(buf) - i * 2);
 }
- server_id_ = string(buf, sizeof(buf));
+ server_id_ = buf;
 }
 return trd_->start();
diff --git a/trunk/src/app/srs_app_listener.cpp b/trunk/src/app/srs_app_listener.cpp
index f6b4f96ef..12d4d1e5f 100755
--- a/trunk/src/app/srs_app_listener.cpp
+++ b/trunk/src/app/srs_app_listener.cpp
@@ -433,9 +433,12 @@ std::string SrsUdpMuxSocket::peer_id()
 peer_port = atoi(port_string);
 }
- // Build the peer id.
- static char id_buf[128];
+ // Build the peer id, reserve 1 byte for the trailing '\0'.
+ static char id_buf[128 + 1];
 int len = snprintf(id_buf, sizeof(id_buf), "%s:%d", peer_ip.c_str(), peer_port);
+ if (len <= 0 || len >= sizeof(id_buf)) {
+ return "";
+ }
 peer_id_ = string(id_buf, len);
 // Update the stat.
diff --git a/trunk/src/app/srs_app_utility.cpp b/trunk/src/app/srs_app_utility.cpp
index 7b3feabe9..63c84411a 100644
--- a/trunk/src/app/srs_app_utility.cpp
+++ b/trunk/src/app/srs_app_utility.cpp
@@ -1386,7 +1386,7 @@ string srs_string_dumps_hex(const char* str, int length, int limit, char seperat
 int len = 0;
 for (int i = 0; i < length && i < limit && len < LIMIT; ++i) {
 int nb = snprintf(buf + len, LIMIT - len, "%02x", (uint8_t)str[i]);
- if (nb < 0 || nb >= LIMIT - len) {
+ if (nb <= 0 || nb >= LIMIT - len) {
 break;
 }
 len += nb;
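Review bot: `srs_assert(16 == sizeof(uuid_t));` in SrsLatestVersion::start() checks a compile-time fact at run time, and the loop bound `16` and the buffer size `32 + 1` repeat that number as unrelated literals. If the build allows C++11, `static_assert(sizeof(uuid_t) == 16, "uuid_t must be 16 bytes");` fails at compile time instead; otherwise a comment tying `32` to two hex characters per uuid byte would keep the three numbers in step. The second assert compares the signed `r0` with an unsigned `sizeof` expression, which is only safe because `r0 > 0` is tested first, so that ordering deserves a short comment. The function begins and ends outside the hunk.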
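Review bot: The new early exit `return "";` in SrsUdpMuxSocket::peer_id() hands the caller an empty id without logging anything and without assigning `peer_id_`, so a formatting failure or truncation cannot be told apart from a legitimately empty value. If callers key per-peer state on this string (not visible in this hunk), every failing peer would share the same empty key; a warning log before the return and a comment stating what an empty id means to callers would make the failure observable. `id_buf` is also `static`, so concurrent calls would share one buffer, which is worth a comment next to the declaration. The function starts and ends outside the hunk.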
diff --git a/trunk/src/kernel/srs_kernel_utility.cpp b/trunk/src/kernel/srs_kernel_utility.cpp
index d5600e040..69a75b606 100644
--- a/trunk/src/kernel/srs_kernel_utility.cpp
+++ b/trunk/src/kernel/srs_kernel_utility.cpp
@@ -276,16 +276,16 @@ bool srs_check_ip_addr_valid(string ip)
 string srs_int2str(int64_t value)
 {
 // len(max int64_t) is 20, plus one "+-."
- char tmp[22];
- snprintf(tmp, 22, "%" PRId64, value);
+ char tmp[21 + 1];
+ snprintf(tmp, sizeof(tmp), "%" PRId64, value);
 return tmp;
 }
 string srs_float2str(double value)
 {
 // len(max int64_t) is 20, plus one "+-."
- char tmp[22];
- snprintf(tmp, 22, "%.2f", value);
+ char tmp[21 + 1];
+ snprintf(tmp, sizeof(tmp), "%.2f", value);
 return tmp;
 }
diff --git a/trunk/src/protocol/srs_protocol_http_conn.cpp b/trunk/src/protocol/srs_protocol_http_conn.cpp
index f47e2745a..d160b1799 100644
--- a/trunk/src/protocol/srs_protocol_http_conn.cpp
+++ b/trunk/src/protocol/srs_protocol_http_conn.cpp
@@ -773,6 +773,9 @@ srs_error_t SrsHttpResponseWriter::write(char* data, int size)
 // send in chunked encoding.
 int nb_size = snprintf(header_cache, SRS_HTTP_HEADER_CACHE_SIZE, "%x", size);
+ if (nb_size <= 0 || nb_size >= SRS_HTTP_HEADER_CACHE_SIZE) {
+ return srs_error_new(ERROR_HTTP_CONTENT_LENGTH, "overflow size=%d, expect=%d", size, nb_size);
+ }
 iovec iovs[4];
 iovs[0].iov_base = (char*)header_cache;
@@ -842,6 +845,9 @@ srs_error_t SrsHttpResponseWriter::writev(const iovec* iov, int iovcnt, ssize_t*
 // chunk header
 int nb_size = snprintf(header_cache, SRS_HTTP_HEADER_CACHE_SIZE, "%x", size);
+ if (nb_size <= 0 || nb_size >= SRS_HTTP_HEADER_CACHE_SIZE) {
+ return srs_error_new(ERROR_HTTP_CONTENT_LENGTH, "overflow size=%d, expect=%d", size, nb_size);
+ }
 iovss[0].iov_base = (char*)header_cache;
 iovss[0].iov_len = (int)nb_size;
diff --git a/trunk/src/protocol/srs_protocol_json.cpp b/trunk/src/protocol/srs_protocol_json.cpp
index b6a0d3273..9d356c88a 100644
--- a/trunk/src/protocol/srs_protocol_json.cpp
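Review bot: In srs_float2str() the 22-byte `tmp` is sized for an int64_t, as its comment says, but `"%.2f"` of a `double` can need far more characters for large magnitudes, and the return value of `snprintf` is still discarded. The call cannot overrun the buffer, but a large value is silently cut to its first 21 characters, which reads as a different, valid-looking number. The same pattern is in the SRS_JSON_Number case of SrsJsonAny::dumps() in srs_protocol_json.cpp, where the truncated text ends up in serialized JSON. Checking the result as the other hunks of this commit do, e.g. `int r0 = snprintf(tmp, sizeof(tmp), "%.2f", value);` with a fallback when `r0 >= (int)sizeof(tmp)`, and correcting the comment for the double case would cover both places.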
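Review bot: The added check in SrsHttpResponseWriter::write() bounds only the formatted length; `size` is an `int` printed with `"%x"`, so a negative `size` would still be emitted as a large unsigned chunk length and pass the check. Whether `size` is validated earlier in write() is not visible in this hunk, so a guard such as `if (size < 0)` returning an error before the `snprintf`, or a comment stating the precondition, would close that gap; the same applies to the hunk in writev(), where the declaration of `size` is outside the hunk. In the error text, `expect=%d` prints `nb_size`, the length snprintf returned, so a label like `nb_size=%d` would be more accurate. Both functions continue outside their hunks.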
+++ b/trunk/src/protocol/srs_protocol_json.cpp
@@ -1582,8 +1582,8 @@ string SrsJsonAny::dumps()
 }
 case SRS_JSON_Number: {
 // len(max int64_t) is 20, plus one "+-."
- char tmp[22];
- snprintf(tmp, 22, "%.2f", to_number());
+ char tmp[21 + 1];
+ snprintf(tmp, sizeof(tmp), "%.2f", to_number());
 return tmp;
 }
 case SRS_JSON_Null: {
diff --git a/trunk/src/protocol/srs_protocol_rtmp_handshake.cpp b/trunk/src/protocol/srs_protocol_rtmp_handshake.cpp
index 22713b9db..0641109f7 100644
--- a/trunk/src/protocol/srs_protocol_rtmp_handshake.cpp
+++ b/trunk/src/protocol/srs_protocol_rtmp_handshake.cpp
@@ -962,7 +962,7 @@ namespace srs_internal
 srs_random_generate(random, 1504);
 int size = snprintf(random, 1504, "%s", RTMP_SIG_SRS_HANDSHAKE);
- srs_assert(size < 1504);
+ srs_assert(size > 0 && size < 1504);
 snprintf(random + 1504 - size, size, "%s", RTMP_SIG_SRS_HANDSHAKE);
 srs_random_generate(digest, 32);
diff --git a/trunk/src/protocol/srs_protocol_srt.cpp b/trunk/src/protocol/srs_protocol_srt.cpp
index afdaf146f..fac1e3ae8 100644
--- a/trunk/src/protocol/srs_protocol_srt.cpp
+++ b/trunk/src/protocol/srs_protocol_srt.cpp
@@ -170,7 +170,8 @@ srs_error_t srs_srt_listen(srs_srt_t srt_fd, std::string ip, int port)
 srs_error_t err = srs_success;
 char sport[8];
- snprintf(sport, sizeof(sport), "%d", port);
+ int r0 = snprintf(sport, sizeof(sport), "%d", port);
+ srs_assert(r0 > 0 && r0 < sizeof(sport));
 addrinfo hints;
 memset(&hints, 0, sizeof(hints));
diff --git a/trunk/src/protocol/srs_protocol_st.cpp b/trunk/src/protocol/srs_protocol_st.cpp
index 559726ebe..ae98d4e74 100644
--- a/trunk/src/protocol/srs_protocol_st.cpp
+++ b/trunk/src/protocol/srs_protocol_st.cpp
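Review bot: The second call in the srs_protocol_rtmp_handshake.cpp hunk, `snprintf(random + 1504 - size, size, "%s", RTMP_SIG_SRS_HANDSHAKE);`, still ignores its return value and passes `size` as the bound, so it copies at most `size - 1` characters of the signature before the terminating '\0'. If the intent is to place the whole signature at the tail of `random`, the last character is replaced by a NUL; if that is intended a comment should say so, otherwise `memcpy(random + 1504 - size, RTMP_SIG_SRS_HANDSHAKE, size);` copies exactly `size` bytes. The literal 1504 appears four times in these lines and would be clearer as one named constant. The enclosing function is not visible in the hunk.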
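Review bot: `srs_assert(r0 > 0 && r0 < sizeof(sport));` in srs_srt_listen() turns an out-of-range `port` into an assertion failure, although the function returns `srs_error_t` and could report it. `sport` holds seven characters, so any `int` whose text needs eight or more trips the assert; if `port` can come from configuration or a URL without a range check (not visible in this hunk), and depending on how `srs_assert` is defined, bad input could stop the process. Rejecting a port outside 0..65535 with `srs_error_new` before formatting, as the SrsHttpResponseWriter hunks of this commit do for their check, would keep it on the error path. The same two lines are added in srs_tcp_connect(), srs_tcp_listen() and srs_udp_listen() in srs_protocol_st.cpp.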
@@ -175,7 +175,8 @@ srs_error_t srs_tcp_connect(string server, int port, srs_utime_t tm, srs_netfd_t
 srs_netfd_t stfd = NULL;
 char sport[8];
- snprintf(sport, sizeof(sport), "%d", port);
+ int r0 = snprintf(sport, sizeof(sport), "%d", port);
+ srs_assert(r0 > 0 && r0 < sizeof(sport));
 addrinfo hints;
 memset(&hints, 0, sizeof(hints));
@@ -251,7 +252,8 @@ srs_error_t srs_tcp_listen(std::string ip, int port, srs_netfd_t* pfd)
 srs_error_t err = srs_success;
 char sport[8];
- snprintf(sport, sizeof(sport), "%d", port);
+ int r0 = snprintf(sport, sizeof(sport), "%d", port);
+ srs_assert(r0 > 0 && r0 < sizeof(sport));
 addrinfo hints;
 memset(&hints, 0, sizeof(hints));
@@ -312,7 +314,8 @@ srs_error_t srs_udp_listen(std::string ip, int port, srs_netfd_t* pfd)
 srs_error_t err = srs_success;
 char sport[8];
- snprintf(sport, sizeof(sport), "%d", port);
+ int r0 = snprintf(sport, sizeof(sport), "%d", port);
+ srs_assert(r0 > 0 && r0 < sizeof(sport));
 addrinfo hints;
 memset(&hints, 0, sizeof(hints));
diff --git a/trunk/src/utest/srs_utest_core.cpp b/trunk/src/utest/srs_utest_core.cpp
index c7e1836ff..85f3dd0c2 100644
--- a/trunk/src/utest/srs_utest_core.cpp
+++ b/trunk/src/utest/srs_utest_core.cpp
@@ -72,5 +72,17 @@ VOID TEST(CoreLogger, CheckVsnprintf)
 EXPECT_EQ(0, buf[2]);
 EXPECT_EQ(0xf, buf[3]);
 }
+
+ if (true) {
+ char buf[5];
+ EXPECT_EQ(4, snprintf(buf, sizeof(buf), "Hell"));
+ EXPECT_STREQ("Hell", buf);
+
+ EXPECT_EQ(5, snprintf(buf, sizeof(buf), "Hello"));
+ EXPECT_STREQ("Hell", buf);
+
+ EXPECT_EQ(10, snprintf(buf, sizeof(buf), "HelloWorld"));
+ EXPECT_STREQ("Hell", buf);
+ }
 }