fix: Avoid invalid memory access in the logger (#310)

src/sentry_logger.c

@@ -53,7 +53,7 @@ sentry__logger_defaultlogger(
 
     size_t len = strlen(prefix) + strlen(priority) + strlen(message) + 2;
     char *format = sentry_malloc(len);
-    snprintf("%s%s%s\n", len, prefix, priority, message);
+    snprintf(format, len, "%s%s%s\n", prefix, priority, message);
 
     vfprintf(stderr, format, args);
 

tests/test_integration_http.py

@@ -36,7 +36,7 @@ def test_capture_http(tmp_path, httpserver):
         run(
             tmp_path,
             "sentry_example",
-            ["release-env", "capture-event", "add-stacktrace"],
+            ["log", "release-env", "capture-event", "add-stacktrace"],
             check=True,
             env=env,
         )
@@ -65,14 +65,14 @@ def test_session_http(tmp_path, httpserver):
     run(
         tmp_path,
         "sentry_example",
-        ["release-env", "start-session"],
+        ["log", "release-env", "start-session"],
         check=True,
         env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)),
     )
     run(
         tmp_path,
         "sentry_example",
-        ["start-session"],
+        ["log", "start-session"],
         check=True,
         env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)),
     )
@@ -95,7 +95,7 @@ def test_capture_and_session_http(tmp_path, httpserver):
     run(
         tmp_path,
         "sentry_example",
-        ["start-session", "capture-event"],
+        ["log", "start-session", "capture-event"],
         check=True,
         env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)),
     )
@@ -116,7 +116,9 @@ def test_capture_and_session_http(tmp_path, httpserver):
 def test_inproc_crash_http(tmp_path, httpserver):
     cmake(tmp_path, ["sentry_example"], {"SENTRY_BACKEND": "inproc"})
 
-    child = run(tmp_path, "sentry_example", ["start-session", "attachment", "crash"])
+    child = run(
+        tmp_path, "sentry_example", ["log", "start-session", "attachment", "crash"]
+    )
     assert child.returncode  # well, its a crash after all
 
     httpserver.expect_request(
@@ -126,7 +128,7 @@ def test_inproc_crash_http(tmp_path, httpserver):
     run(
         tmp_path,
         "sentry_example",
-        ["no-setup"],
+        ["log", "no-setup"],
         check=True,
         env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)),
     )
@@ -157,10 +159,12 @@ def test_inproc_dump_inflight(tmp_path, httpserver):
     ).respond_with_data("OK")
 
     env = dict(os.environ, SENTRY_DSN=make_dsn(httpserver))
-    child = run(tmp_path, "sentry_example", ["capture-multiple", "crash"], env=env)
+    child = run(
+        tmp_path, "sentry_example", ["log", "capture-multiple", "crash"], env=env
+    )
     assert child.returncode  # well, its a crash after all
 
-    run(tmp_path, "sentry_example", ["no-setup"], check=True, env=env)
+    run(tmp_path, "sentry_example", ["log", "no-setup"], check=True, env=env)
 
     # we trigger 10 normal events, and 1 crash
     assert len(httpserver.log) >= 11
@@ -170,7 +174,9 @@ def test_inproc_dump_inflight(tmp_path, httpserver):
 def test_breakpad_crash_http(tmp_path, httpserver):
     cmake(tmp_path, ["sentry_example"], {"SENTRY_BACKEND": "breakpad"})
 
-    child = run(tmp_path, "sentry_example", ["start-session", "attachment", "crash"])
+    child = run(
+        tmp_path, "sentry_example", ["log", "start-session", "attachment", "crash"]
+    )
     assert child.returncode  # well, its a crash after all
 
     httpserver.expect_request(
@@ -180,7 +186,7 @@ def test_breakpad_crash_http(tmp_path, httpserver):
     run(
         tmp_path,
         "sentry_example",
-        ["no-setup"],
+        ["log", "no-setup"],
         check=True,
         env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)),
     )
@@ -212,10 +218,12 @@ def test_breakpad_dump_inflight(tmp_path, httpserver):
     ).respond_with_data("OK")
 
     env = dict(os.environ, SENTRY_DSN=make_dsn(httpserver))
-    child = run(tmp_path, "sentry_example", ["capture-multiple", "crash"], env=env)
+    child = run(
+        tmp_path, "sentry_example", ["log", "capture-multiple", "crash"], env=env
+    )
     assert child.returncode  # well, its a crash after all
 
-    run(tmp_path, "sentry_example", ["no-setup"], check=True, env=env)
+    run(tmp_path, "sentry_example", ["log", "no-setup"], check=True, env=env)
 
     # we trigger 10 normal events, and 1 crash
     assert len(httpserver.log) >= 11

tests/test_integration_ratelimits.py

@@ -17,13 +17,13 @@ def test_retry_after(tmp_path, httpserver):
     httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data(
         "OK", 200, {"retry-after": "60"}
     )
-    run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env)
+    run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env)
     assert len(httpserver.log) == 1
 
     httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data(
         "OK", 429, {"retry-after": "60"}
     )
-    run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env)
+    run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env)
     assert len(httpserver.log) == 2
 
 
@@ -36,11 +36,11 @@ def test_rate_limits(tmp_path, httpserver):
     httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data(
         "OK", 200, headers
     )
-    run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env)
+    run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env)
     assert len(httpserver.log) == 1
 
     httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data(
         "OK", 429, headers
     )
-    run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env)
+    run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env)
     assert len(httpserver.log) == 2