From 9b21c88bc668236e63601509857664522267abe2 Mon Sep 17 00:00:00 2001 From: Alexander Boettcher Date: Wed, 9 Sep 2015 23:28:36 +0200 Subject: [PATCH] base: handle unsupported printf commands better The commit consumes the argument of a unsupported printf command. Without the commit - a subsequent command uses the argument of the preceding command, which may cause memory corruption or page faults for sequences using string commands, e.g. Genode::printf("%#x %s\n", 0x20, "Test"); '#' is not supported by Genode::printf. In this scenario a pagefault at address 0x20 is caused. Fixes #1701 --- repos/base/src/base/console/console.cc | 2 ++ repos/base/src/test/printf/main.cc | 4 ++++ tool/autopilot.list | 1 + 3 files changed, 7 insertions(+) diff --git a/repos/base/src/base/console/console.cc b/repos/base/src/base/console/console.cc index d2724c739..cb615c2a3 100644 --- a/repos/base/src/base/console/console.cc +++ b/repos/base/src/base/console/console.cc @@ -335,6 +335,8 @@ void Console::vprintf(const char *format, va_list list) case Format_command::INVALID: _out_string(""); + /* consume the argument of the unsupported command */ + va_arg(list, long); break; } diff --git a/repos/base/src/test/printf/main.cc b/repos/base/src/test/printf/main.cc index 77d911856..51b617d35 100644 --- a/repos/base/src/test/printf/main.cc +++ b/repos/base/src/test/printf/main.cc @@ -16,6 +16,10 @@ int main(int argc, char **argv) { + /* test that unsupported commands don't crash the printf parser */ + Genode::printf("%#x %s\n", 0x38, "test 1"); + Genode::printf("%#lx %s\n", 0x38L, "test 2"); + Genode::printf("-1 = %d = %ld\n", -1, -1L); return 0; diff --git a/tool/autopilot.list b/tool/autopilot.list index f6c281064..5718fb8c9 100644 --- a/tool/autopilot.list +++ b/tool/autopilot.list @@ -55,3 +55,4 @@ stdcxx nic_loopback platform report_rom +printf