Bug 1369561 - Address misc. SnprintfLiteral correctness nits. r=jld, r=froydnj, a=ritu
authorDavid Keeler <dkeeler@mozilla.com>
Fri, 15 Sep 2017 14:47:54 -0700
changeset 432366 0893b7f1f14a
parent 432365 42c1b2dc8bac
child 432367 76ace2631acc
push id7946
push userryanvm@gmail.com
push dateWed, 11 Oct 2017 17:47:53 +0000
reviewersjld, froydnj, ritu
bugs1369561
milestone57.0
Bug 1369561 - Address misc. SnprintfLiteral correctness nits. r=jld, r=froydnj, a=ritu
security/sandbox/linux/SandboxUtil.cpp
xpcom/base/nsSystemInfo.cpp
--- a/security/sandbox/linux/SandboxUtil.cpp
+++ b/security/sandbox/linux/SandboxUtil.cpp
@@ -57,17 +57,16 @@ WriteStringToFile(const char* aPath, con
 bool
 UnshareUserNamespace()
 {
   // The uid and gid need to be retrieved before the unshare; see
   // below.
   uid_t uid = getuid();
   gid_t gid = getgid();
   char buf[80];
-  size_t len;
 
   if (syscall(__NR_unshare, CLONE_NEWUSER) != 0) {
     return false;
   }
 
   // As mentioned in the header, this function sets up uid/gid
   // mappings that preserve the process's previous ids.  Mapping the
   // uid/gid to something is necessary in order to nest user
@@ -79,25 +78,29 @@ UnshareUserNamespace()
   // establishing gid mappings will fail unless the process first
   // revokes its ability to call setgroups() by using a /proc node
   // added in the same set of patches.
   //
   // Note that /proc/self points to the thread group leader, not the
   // current thread.  However, CLONE_NEWUSER can be unshared only in a
   // single-threaded process, so those are equivalent if we reach this
   // point.
-  len = size_t(SprintfLiteral(buf, "%u %u 1\n", uid, uid));
-  MOZ_ASSERT(len < sizeof(buf));
-  if (!WriteStringToFile("/proc/self/uid_map", buf, len)) {
+  int len = SprintfLiteral(buf, "%u %u 1\n", uid, uid);
+  if (len >= int(sizeof(buf)) || len < 0) {
+    return false;
+  }
+  if (!WriteStringToFile("/proc/self/uid_map", buf, size_t(len))) {
     MOZ_CRASH("Failed to write /proc/self/uid_map");
   }
 
   Unused << WriteStringToFile("/proc/self/setgroups", "deny", 4);
 
-  len = size_t(SprintfLiteral(buf, "%u %u 1\n", gid, gid));
-  MOZ_ASSERT(len < sizeof(buf));
-  if (!WriteStringToFile("/proc/self/gid_map", buf, len)) {
+  len = SprintfLiteral(buf, "%u %u 1\n", gid, gid);
+  if (len >= int(sizeof(buf)) || len < 0) {
+    return false;
+  }
+  if (!WriteStringToFile("/proc/self/gid_map", buf, size_t(len))) {
     MOZ_CRASH("Failed to write /proc/self/gid_map");
   }
   return true;
 }
 
 } // namespace mozilla
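Review bot: The two new `return false` paths (after the uid_map and gid_map SprintfLiteral calls) run after `syscall(__NR_unshare, CLONE_NEWUSER)` has already succeeded in the first hunk, so a false return from here leaves the process in a fresh user namespace with no id mapping, which a caller cannot distinguish from the "unshare failed, nothing changed" false at L32; the write failures in the same function are MOZ_CRASH instead. The bound is unreachable in practice (buf is 80 bytes and two %u values plus " 1\n" format to at most 24), so either handle it the same way as the writes, `MOZ_CRASH("Failed to format /proc/self/uid_map");`, or document the partial state with a comment such as `// Unshare already happened; a false return here leaves the process in an unmapped user namespace.` on the first check and the same note on the gid_map check. The header comment for UnshareUserNamespace (outside the hunk) should also say whether false can mean "partially applied". UnshareUserNamespace begins in the first hunk and the two hunks are separated by lines not shown.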
--- a/xpcom/base/nsSystemInfo.cpp
+++ b/xpcom/base/nsSystemInfo.cpp
@@ -701,17 +701,17 @@ nsSystemInfo::Init()
 #endif
 
   if (gtkver_len <= 0) {
     gtkver_len = SprintfLiteral(gtkver, "GTK %u.%u.%u", gtk_major_version,
                                 gtk_minor_version, gtk_micro_version);
   }
 
   nsAutoCString secondaryLibrary;
-  if (gtkver_len > 0) {
+  if (gtkver_len > 0 && gtkver_len < int(sizeof(gtkver))) {
     secondaryLibrary.Append(nsDependentCSubstring(gtkver, gtkver_len));
   }
 
   void* libpulse = dlopen("libpulse.so.0", RTLD_LAZY);
   const char* libpulseVersion = "not-available";
   if (libpulse) {
     auto pa_get_library_version = reinterpret_cast<const char* (*)()>
       (dlsym(libpulse, "pa_get_library_version"));
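Review bot: The new upper bound on `gtkver_len` silently drops the GTK version when the formatted string was truncated, and the fallback branch at `if (gtkver_len <= 0)` does not cover that case, so a truncated value produced by whichever assignment precedes the `#endif` (outside the hunk) would skip the compile-time fallback and end with no version at all; if that earlier assignment can return a length of sizeof(gtkver) or more, widen the fallback to `if (gtkver_len <= 0 || gtkver_len >= int(sizeof(gtkver))) {`. Either way the intent of the guard deserves a comment, e.g. `// A length >= sizeof(gtkver) means SprintfLiteral truncated; report nothing rather than a partial version.`, since the condition reads like a bounds check for the nsDependentCSubstring rather than a policy choice. gtkver's declaration and nsSystemInfo::Init as a whole lie outside the hunk.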