Add asserts for snprintf, sprintf, and vsnprintf (#2910)

mikeessen · web-flow · commit 2e9bcf287510 · 2024-08-20T09:12:38.000-04:00
Signed-off-by: Mike Essenmacher &lt;essen@us.ibm.com&gt;
diff --git a/src/Runtime/OMIndexLookup.inc b/src/Runtime/OMIndexLookup.inc
@@ -34,7 +34,8 @@ static inline uint32_t hash_string(uint32_t hval, const char *str) {
 // Adaptation of 32-bit FNV for int64_t values.
 static inline uint32_t hash_int64(uint32_t hval, int64_t val) {
   char str[20];
-  snprintf(str, sizeof(str), "%lld", (long long)val);
+  int num_chars_written = snprintf(str, sizeof(str), "%lld", (long long)val);
+  assert(num_chars_written >= 0 && "snprintf write error to str");
   return hash_string(hval, str);
 }
 
diff --git a/src/Runtime/OMInstrument.inc b/src/Runtime/OMInstrument.inc
@@ -146,7 +146,8 @@ static void ReportMemory() {
   char memOutput[200];
   FILE *memPipe;
   mypid = getpid();
-  snprintf(memCommand, sizeof(memCommand), "ps -o vsz='' -p %d", mypid);
+  int num_chars_written = snprintf(memCommand, sizeof(memCommand), "ps -o vsz='' -p %d", mypid);
+  assert(num_chars_written >= 0 && "snprintf write error to memCommand");
   memPipe = popen(memCommand, "r");
   if (!memPipe) {
     fprintf(fout, ", error-failed-to-execute-ps\n");
diff --git a/src/Runtime/jni/jnilog.c b/src/Runtime/jni/jnilog.c
@@ -160,21 +160,25 @@ void log_printf(int level, const char *file, const char *func, int line,
   time_t now;
   struct tm *tm;
   char buf[LOG_MAX_LEN];
+  int num_chars_written = 0;
 
   /* Get local time and format as 2020-07-03 05:17:42 -0400 */
   if (time(&now) == -1 || (tm = localtime(&now)) == NULL ||
-      strftime(buf, sizeof(buf), "[%F %T %z]", tm) == 0)
-    sprintf(buf, "[-]");
+      strftime(buf, sizeof(buf), "[%F %T %z]", tm) == 0) {
+    num_chars_written = sprintf(buf, "[-]");
+    assert(num_chars_written >= 0 && "sprintf write error to buf");
+  }
 
   /* Output thread ID, log level, file name, function number, and line number.
    * Note that pthread_t on most platforms is unsigned long but is a struct
    * of 8 bytes on z/OS.
    */
   pthread_t tid = get_threadid();
   assert(LOG_MAX_LEN >= strlen(buf) && "error in snprintf length");
-  snprintf(buf + strlen(buf), LOG_MAX_LEN - strlen(buf),
+  num_chars_written = snprintf(buf + strlen(buf), LOG_MAX_LEN - strlen(buf),
       "[%016lx][%s]%s:%s:%d ", *(unsigned long *)&tid, log_level_name[level],
       get_filename(file), func, line);
+  assert(num_chars_written >= 0 && "snprintf write error to buf");
 
   /* Output actual log data */
   /* Definition of vsnprintf:
@@ -203,11 +207,15 @@ void log_printf(int level, const char *file, const char *func, int line,
 
   va_list log_data;
   va_start(log_data, fmt);
-  vsnprintf(buf + strlen(buf), LOG_MAX_LEN - strlen(buf), fmt, log_data);
+  num_chars_written =
+      vsnprintf(buf + strlen(buf), LOG_MAX_LEN - strlen(buf), fmt, log_data);
+  assert(num_chars_written >= 0 && "vsnprintf write error to buf");
   va_end(log_data);
 
   /* Add new line */
-  snprintf(buf + strlen(buf), LOG_MAX_LEN - strlen(buf), "\n");
+  num_chars_written =
+      snprintf(buf + strlen(buf), LOG_MAX_LEN - strlen(buf), "\n");
+  assert(num_chars_written >= 0 && "snprintf write error to buf");
 
   /* Write out and flush the output buffer */
   FILE *fp = get_log_fp();
@@ -238,9 +246,11 @@ static FILE *get_log_file_by_name(char *name) {
     char *tname = (char *)malloc(strlen(name) + 32);
     if (tname) {
       pthread_t tid = get_threadid();
-      snprintf(
+      int num_chars_written = snprintf(
           tname, strlen(name) + 32, "%s.%016lx", name, *(unsigned long *)&tid);
+      assert(num_chars_written >= 0 && "snprintf write error to tname");
       fp = fopen(tname, "w");
+      assert(fp != NULL && "fopen error on tname");
       free(tname);
     }
   }
diff --git a/src/Runtime/jni/jnilog.h b/src/Runtime/jni/jnilog.h
@@ -41,6 +41,7 @@ enum { LOG_TRACE, LOG_DEBUG, LOG_INFO, LOG_WARNING, LOG_ERROR, LOG_FATAL };
      */                                                                        \
     while (__i < __l &&                                                        \
            (__k = snprintf(__p, __j, format, ((type *)data)[__i])) < __j) {    \
+      assert(__k >= 0 && "snprintf write error to __p");                       \
       __p += __k;                                                              \
       __j -= __k;                                                              \
       __i++;                                                                   \
@@ -55,8 +56,9 @@ enum { LOG_TRACE, LOG_DEBUG, LOG_INFO, LOG_WARNING, LOG_ERROR, LOG_FATAL };
      * add "... " at the end to denote that the last element is                \
      * truncated.                                                              \
      */                                                                        \
-    snprintf(buf + strlen(buf), 6,                                             \
+    int __m = snprintf(buf + strlen(buf), 6,                                   \
         (__i == __l) ? " " : (__j == 1) ? " ... " : "... ");                   \
+    assert(__m >= 0 && "snprintf write error to buf");                         \
   } while (0)
 
 /* Construct string of up to LOG_MAX_NUM elements of an array of ONNX type.
@@ -90,8 +92,10 @@ enum { LOG_TRACE, LOG_DEBUG, LOG_INFO, LOG_WARNING, LOG_ERROR, LOG_FATAL };
     case ONNX_TYPE_DOUBLE:                                                     \
       LOG_BUF_C_TYPE(const double, hex ? " %016x" : " %lf", buf, data, n);     \
       break;                                                                   \
-    default:                                                                   \
-      sprintf(buf, " unsupported data type %d ", type);                        \
+    default: {                                                                 \
+      int __a = sprintf(buf, " unsupported data type %d ", type);              \
+      assert(__a >= 0 && "sprintf write error to buf");                        \
+    }                                                                          \
     }                                                                          \
   } while (0)
 
diff --git a/src/Runtime/jni/jniwrapper.c b/src/Runtime/jni/jniwrapper.c
@@ -759,7 +759,8 @@ Java_com_ibm_onnxmlir_OMModel_query_1entry_1points(JNIEnv *env, jclass cls) {
    */
   for (int64_t i = 0; i < neps; i++) {
     char ep[32];
-    sprintf(ep, "ep[%lld]", (long long)i);
+    int num_chars_written = sprintf(ep, "ep[%lld]", (long long)i);
+    assert(num_chars_written >= 0 && "sprintf write error to ep");
     HEX_DEBUG(ep, jni_eps[i], strlen(jni_eps[i]));
     LOG_PRINTF(LOG_DEBUG, "ep[%d](%ld):%s", i, strlen(jni_eps[i]), jni_eps[i]);
 

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,8 @@ static inline uint32_t hash_string(uint32_t hval, const char *str) {`
`34`	`34`	`// Adaptation of 32-bit FNV for int64_t values.`
`35`	`35`	`static inline uint32_t hash_int64(uint32_t hval, int64_t val) {`
`36`	`36`	`char str[20];`
`37`		`- snprintf(str, sizeof(str), "%lld", (long long)val);`
	`37`	`+ int num_chars_written = snprintf(str, sizeof(str), "%lld", (long long)val);`
	`38`	`+ assert(num_chars_written >= 0 && "snprintf write error to str");`
`38`	`39`	`return hash_string(hval, str);`
`39`	`40`	`}`
`40`	`41`