fix string concat buffer overflow #1806
Signed-off-by: kpango <kpango@vdaas.org>
LGTM!
Codecov Report
Base: 30.25% // Head: 30.24% // Decreases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## main #1806 +/- ##
==========================================
- Coverage 30.25% 30.24% -0.02%
==========================================
Files 371 371
Lines 34011 34019 +8
==========================================
- Hits 10291 10288 -3
- Misses 23306 23315 +9
- Partials 414 416 +2
[FOSSA] The scan result will be available at https://app.fossa.com/projects/custom%2B21465%2Fvald/refs/branch/bugfix%2Finternal%2Ferrdetails-string-concat-buffer-overflow/244daafce99a4e19205123e9cb7ac35605273eb7
Signed-off-by: kpango kpango@vdaas.org
Description:
Bug
In the vald process, each stack trace is serialized and recorded in the gRPC status body.
In this process, vald performs string concatenation with the + operator, but if the string is too long, it may fail.
This means that we must be careful when joining string types with a total of 2,147,483,647 characters or more.
Go's strings.Join method does not count the number of characters, but recreates the join by expanding the buffer, which is safer if the string is long enough.
Log
Solution
Related Issue:
How Has This Been Tested?:
Environment:
Types of changes:
Changes to Core Features:
Checklist: