From 717422c12cd6f591158ae19d67fd928f50a6f2d1 Mon Sep 17 00:00:00 2001
From: Nils Schneider
Date: Mon, 21 Sep 2015 14:27:22 +0200
Subject: [PATCH] log: avoid buffer overflow in vlog

`vlog()` can not handle log messages longer than 4096 bytes. However, the message generated in `store_restart_layout()` is likely to exceed this as it contains a long JSON string. This has caused a few SEGFAULTS during restarts for me when running with `-d all`. Fix this by truncating the message to 4096 bytes and punching in a newline at the end.
---
 src/log.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/log.c b/src/log.c
index 7cf98843..856330b6 100644
--- a/src/log.c
+++ b/src/log.c
@@ -246,6 +246,15 @@ static void vlog(const bool print, const char *fmt, va_list args) {
 len += vsnprintf(message + len, sizeof(message) - len, fmt, args);
 if (len >= sizeof(message)) {
 fprintf(stderr, "BUG: single log message > 4k\n");
+
+ /* vsnprintf returns the number of bytes that *would have been written*,
+ * not the actual amount written. Thus, limit len to sizeof(message) to avoid
+ * memory corruption and outputting garbage later. */
+ len = sizeof(message);
+
+ /* Punch in a newline so the next log message is not dangling at
+ * the end of the truncated message. */
+ message[len - 2] = '\n';
 }
 
 /* If there is no space for the current message in the ringbuffer, we
-- 
2.39.5
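Review bot: After the clamp, `len = sizeof(message)` counts the terminating NUL that vsnprintf() places in the last byte when it truncates, so any later code in vlog() that writes or copies `len` bytes (not visible in this hunk) would presumably carry a NUL byte into the output or the ring buffer. Keeping len as the string length avoids that: `len = sizeof(message) - 1;` followed by `message[len - 1] = '\n';`. Separately, vsnprintf() can return a negative value on error, and `len +=` would then move len backwards instead of tripping the `>=` check; the declaration of len is outside the hunk, so confirm its type and consider checking the return value before adding it. vlog()'s body starts and ends outside the hunk.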