lldb/source/Host/linux/Host.cpp:94: Possible missing field width in scanf %s ? #89710

@dcb314

Static analyser cppcheck says:

lldb/source/Host/linux/Host.cpp:94:7: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]

Source code is

    if (sscanf(Rest.data(),
               "%d %s %c %d %d %d %d %d %u %lu %lu %lu %lu %lu %lu %ld %ld",
               &stat_fields.pid, stat_fields.comm, &stat_fields.state,
               &stat_fields.ppid, &stat_fields.pgrp, &stat_fields.session,
               &stat_fields.tty_nr, &stat_fields.tpgid, &stat_fields.flags,
               &stat_fields.minflt, &stat_fields.cminflt, &stat_fields.majflt,
               &stat_fields.cmajflt, &stat_fields.utime, &stat_fields.stime,
               &stat_fields.cutime, &stat_fields.cstime) < 0) {

but

    char comm[task_comm_len];

and

    constexpr int task_comm_len = 16;

Might there be some value in adding the string maximum length to the %s?
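A bounded form of the conversion the warning points at, as an added example (not LLDB's code and not a patch from the project). It parses only the first four fields; `StatHead`, `parse_stat_head`, `COMM_WIDTH` and the sample lines are hypothetical and constructed for illustration.

```cpp
// Added example; StatHead and parse_stat_head are hypothetical names, not LLDB code.
#include <cstdio>
#include <cstring>

constexpr int task_comm_len = 16; // buffer size quoted in the issue

// The %s width has to be a literal inside the format string and must leave
// one byte for the terminating NUL: a 16-byte buffer takes "%15s".
#define COMM_WIDTH 15
#define STR2(x) #x
#define STR(x) STR2(x)
static_assert(COMM_WIDTH == task_comm_len - 1, "width must be buffer size - 1");

struct StatHead {
  int pid;
  char comm[task_comm_len];
  char state;
  int ppid;
};

// Parses the first four fields. sscanf returns the number of fields it
// converted, so anything other than 4 means a short or malformed line.
bool parse_stat_head(const char *line, StatHead &out) {
  std::memset(&out, 0, sizeof(out));
  int n = std::sscanf(line, "%d %" STR(COMM_WIDTH) "s %c %d",
                      &out.pid, out.comm, &out.state, &out.ppid);
  return n == 4;
}

int main() {
  // Constructed inputs: a normal line and one with a 40-character name.
  const char *samples[] = {"4242 bash S 1",
                           "4242 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa S 1"};
  for (const char *s : samples) {
    StatHead h;
    bool ok = parse_stat_head(s, h);
    std::printf("ok=%d comm=\"%s\" (%zu bytes stored)\n", ok, h.comm,
                std::strlen(h.comm));
  }
  return 0;
}
```

With the width in place, the 40-character name stores at most 15 bytes plus the NUL, and the leftover characters make the later conversions fail, so the line is rejected by the field-count check instead of writing past `comm`.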
