-
-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid calling snprintf in SIGTERM handler #1570
base: main
Are you sure you want to change the base?
Conversation
Implement our own routine for formatting the number.
Please just use write(). The 25 lines of formatting magic are a bit over-the-top imo. |
I wish an atomic write() for the "caught signal X" line. Formatting that string in a buffer before writing to |
I agree with @fasterit here. Please shorten that formatting logic. What can (and probably should) be done is reordering things to work like:
Please don't inline the num2string conversion, but use a function which is provided with the target buffer+size. Use |
I am thinking there could be another way to solve the CWE-479 problem, as that warning wasn't present in htop's fatal error reporting code, and yet the fatal error code also reports what signal it has received. |
We could vendor a stripped down version of https://github.com/idning/safe_snprintf . The license there should be GPLv2 as the upstream MySQL code is. |
Another implementation: https://chromium.googlesource.com/chromium/src/base/+/master/strings/safe_sprintf.h (BSD3 license, C++ implementation) |
I don't think we should start putting C++ code in htop. The C implementation you linked also has some quirks which aren't quite right (aside from missing the format attributes, it's not fully validating the format subset that it supports). |
@fasterit What I said is that maybe we don't need another implementation of snprintf(3) at all. As mentioned, GCC 14 doesn't warn about CWE-479 for The problem of CWE-479 happens when another signal is delivered during the handling of |
I think that GCC14 only warns about one of those is a bug due to a missed warning. So when we are fixing this it will need to be both. And as mentioned, I can fully live with a minimalistic Basic requirements:
If we can re-use this custom-rolled |
@BenBE I was thinking deeper that, when another signal arrives during a handler, what kind of message htop's output should look like. To prevent the situation where we implemented our own
|
I can live with that. And for nested signals we could just go ahead and ignore the second signal.
|
@BenBE Oops. I was confused with the CWE-479 issue here because there was actually two sub-issues:
I was too focused on the latter and yet forget the former issue at hand. |
I was not implying to use C++ in htop, I still think looking at how other people solved the problem is inspirational. So why not write a minimal good |
Didn't interpret it as such. Just remarked that I think it would be overkill to start doing C++, just to be able to handle printing some error message right before we emergency exit our process … ;-)
All for it. No objections. Just the requirement for correctness (i.e. implemented features should be correct, unsupported features should be properly rejected in the implementation). Needed features:
|
I believe there should be an existing However I wish to give up on this PR and let someone else who is motivated to work on this. It's not my interest in implementing a |
By Implementing our own routine for formatting the number.
This could resolve #1563 but I'm sure people would say this solution is ugly.