From 833539000a995ea7ea43873467516e50ff6938b8 Mon Sep 17 00:00:00 2001 From: Arpad Borsos Date: Fri, 19 Jun 2020 20:51:48 +0200 Subject: [PATCH] fix: Avoid invalid memory access in the logger (#310) --- src/sentry_logger.c | 2 +- tests/test_integration_http.py | 32 +++++++++++++++++----------- tests/test_integration_ratelimits.py | 8 +++---- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/src/sentry_logger.c b/src/sentry_logger.c index 7634a4831..ab6bd05c4 100644 --- a/src/sentry_logger.c +++ b/src/sentry_logger.c @@ -53,7 +53,7 @@ sentry__logger_defaultlogger( size_t len = strlen(prefix) + strlen(priority) + strlen(message) + 2; char *format = sentry_malloc(len); - snprintf("%s%s%s\n", len, prefix, priority, message); + snprintf(format, len, "%s%s%s\n", prefix, priority, message); vfprintf(stderr, format, args); diff --git a/tests/test_integration_http.py b/tests/test_integration_http.py index 1ba15732d..7ba9ffd9c 100644 --- a/tests/test_integration_http.py +++ b/tests/test_integration_http.py @@ -36,7 +36,7 @@ def test_capture_http(tmp_path, httpserver): run( tmp_path, "sentry_example", - ["release-env", "capture-event", "add-stacktrace"], + ["log", "release-env", "capture-event", "add-stacktrace"], check=True, env=env, ) @@ -65,14 +65,14 @@ def test_session_http(tmp_path, httpserver): run( tmp_path, "sentry_example", - ["release-env", "start-session"], + ["log", "release-env", "start-session"], check=True, env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)), ) run( tmp_path, "sentry_example", - ["start-session"], + ["log", "start-session"], check=True, env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)), ) @@ -95,7 +95,7 @@ def test_capture_and_session_http(tmp_path, httpserver): run( tmp_path, "sentry_example", - ["start-session", "capture-event"], + ["log", "start-session", "capture-event"], check=True, env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)), ) 
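Review bot: In the `src/sentry_logger.c` hunk the result of `sentry_malloc(len)` goes straight into `snprintf` and then `vfprintf` with no NULL check, so an allocation failure would make the logger itself the crash site. A guard directly after the allocation, such as `if (!format) { return; }` (assuming the function returns void, which the hunk does not show), would avoid that. Separately, `prefix` and `priority` are copied into the format string that `vfprintf` interprets, which is only safe while neither contains a `%`; a short comment would record that, e.g. `/* prefix and priority end up in the format string and must not contain '%' */`. The function starts and ends outside the hunk, so whether `format` is released after the `vfprintf` call cannot be judged from here.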
@@ -116,7 +116,9 @@ def test_capture_and_session_http(tmp_path, httpserver): def test_inproc_crash_http(tmp_path, httpserver): cmake(tmp_path, ["sentry_example"], {"SENTRY_BACKEND": "inproc"}) - child = run(tmp_path, "sentry_example", ["start-session", "attachment", "crash"]) + child = run( + tmp_path, "sentry_example", ["log", "start-session", "attachment", "crash"] + ) assert child.returncode # well, its a crash after all httpserver.expect_request( @@ -126,7 +128,7 @@ def test_inproc_crash_http(tmp_path, httpserver): run( tmp_path, "sentry_example", - ["no-setup"], + ["log", "no-setup"], check=True, env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)), ) @@ -157,10 +159,12 @@ def test_inproc_dump_inflight(tmp_path, httpserver): ).respond_with_data("OK") env = dict(os.environ, SENTRY_DSN=make_dsn(httpserver)) - child = run(tmp_path, "sentry_example", ["capture-multiple", "crash"], env=env) + child = run( + tmp_path, "sentry_example", ["log", "capture-multiple", "crash"], env=env + ) assert child.returncode # well, its a crash after all - run(tmp_path, "sentry_example", ["no-setup"], check=True, env=env) + run(tmp_path, "sentry_example", ["log", "no-setup"], check=True, env=env) # we trigger 10 normal events, and 1 crash assert len(httpserver.log) >= 11 @@ -170,7 +174,9 @@ def test_inproc_dump_inflight(tmp_path, httpserver): def test_breakpad_crash_http(tmp_path, httpserver): cmake(tmp_path, ["sentry_example"], {"SENTRY_BACKEND": "breakpad"}) - child = run(tmp_path, "sentry_example", ["start-session", "attachment", "crash"]) + child = run( + tmp_path, "sentry_example", ["log", "start-session", "attachment", "crash"] + ) assert child.returncode # well, its a crash after all httpserver.expect_request( @@ -180,7 +186,7 @@ def test_breakpad_crash_http(tmp_path, httpserver): run( tmp_path, "sentry_example", - ["no-setup"], + ["log", "no-setup"], check=True, env=dict(os.environ, SENTRY_DSN=make_dsn(httpserver)), ) 
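Review bot: In `test_inproc_crash_http` the first `run(...)` that now passes `"log"` is checked only by `assert child.returncode`, which is equally satisfied if the process faults inside the logger before it reaches the deliberate `crash`. The later request assertions probably catch such a regression indirectly, but nothing in the test looks at the log output itself. The same holds for the crashing runs in `test_inproc_dump_inflight`, `test_breakpad_crash_http` and `test_breakpad_dump_inflight`. A comment at the call would record the intent, e.g. `# "log" turns on debug logging so the logger code path runs in this test`. If `run` exposes the child's stderr, an assertion that an expected log line was written would pin the fix directly.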
@@ -212,10 +218,12 @@ def test_breakpad_dump_inflight(tmp_path, httpserver): ).respond_with_data("OK") env = dict(os.environ, SENTRY_DSN=make_dsn(httpserver)) - child = run(tmp_path, "sentry_example", ["capture-multiple", "crash"], env=env) + child = run( + tmp_path, "sentry_example", ["log", "capture-multiple", "crash"], env=env + ) assert child.returncode # well, its a crash after all - run(tmp_path, "sentry_example", ["no-setup"], check=True, env=env) + run(tmp_path, "sentry_example", ["log", "no-setup"], check=True, env=env) # we trigger 10 normal events, and 1 crash assert len(httpserver.log) >= 11 diff --git a/tests/test_integration_ratelimits.py b/tests/test_integration_ratelimits.py index b695b4894..2ff3d177a 100644 --- a/tests/test_integration_ratelimits.py +++ b/tests/test_integration_ratelimits.py @@ -17,13 +17,13 @@ def test_retry_after(tmp_path, httpserver): httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data( "OK", 200, {"retry-after": "60"} ) - run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env) + run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env) assert len(httpserver.log) == 1 httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data( "OK", 429, {"retry-after": "60"} ) - run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env) + run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env) assert len(httpserver.log) == 2 
@@ -36,11 +36,11 @@ def test_rate_limits(tmp_path, httpserver): httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data( "OK", 200, headers ) - run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env) + run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env) assert len(httpserver.log) == 1 httpserver.expect_oneshot_request("/api/123456/envelope/").respond_with_data( "OK", 429, headers ) - run(tmp_path, "sentry_example", ["capture-multiple"], check=True, env=env) + run(tmp_path, "sentry_example", ["log", "capture-multiple"], check=True, env=env) assert len(httpserver.log) == 2