From bf9b9ac99633231527628e9b0f3304c0fa9dfa00 Mon Sep 17 00:00:00 2001
From: ideal
Date: Sun, 22 May 2022 11:41:09 +0800
Subject: [PATCH] fix: potential overflow of pThread->label. The max size of pServer->label plus i can be 18, which exceeds pThread->label, though we are not likely to have so much threads.
---
 src/plugins/http/inc/httpInt.h | 2 +-
 src/plugins/http/src/httpServer.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/plugins/http/inc/httpInt.h b/src/plugins/http/inc/httpInt.h
index 2aa01244c6..52b83c0260 100644
--- a/src/plugins/http/inc/httpInt.h
+++ b/src/plugins/http/inc/httpInt.h
@@ -175,7 +175,7 @@ typedef struct HttpThread {
 EpollFd pollFd;
 int32_t numOfContexts;
 int32_t threadId;
- char label[HTTP_LABEL_SIZE << 1];
+ char label[HTTP_LABEL_SIZE << 2];
 bool (*processData)(HttpContext *pContext);
 } HttpThread;
diff --git a/src/plugins/http/src/httpServer.c b/src/plugins/http/src/httpServer.c
index c00d8bdebd..fb3c16824f 100644
--- a/src/plugins/http/src/httpServer.c
+++ b/src/plugins/http/src/httpServer.c
@@ -313,7 +313,7 @@ bool httpInitConnect() {
 HttpThread *pThread = pServer->pThreads;
 for (int32_t i = 0; i < pServer->numOfThreads; ++i) {
- sprintf(pThread->label, "%s%d", pServer->label, i);
+ snprintf(pThread->label, sizeof(pThread->label), "%s%d", pServer->label, i);
 pThread->processData = pServer->processData;
 pThread->threadId = i;
-- GitLab
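Review bot: The new size `HTTP_LABEL_SIZE << 2` on `HttpThread.label` is a bare shift with no comment tying it to what is written into the field, so a later change to `HTTP_LABEL_SIZE` or to the format string in httpInitConnect can quietly make the buffer too small again. A comment on the field such as `/* holds pServer->label followed by the decimal thread index and the NUL */` would record the intent. If pServer->label is itself `HTTP_LABEL_SIZE` bytes (its declaration is not visible here), a named constant built from that size plus room for an int32_t in decimal would state the bound more directly than a shift. The struct definition begins above the hunk.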
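Review bot: The return value of the new `snprintf` call inside the loop is ignored, so a label that does not fit is now truncated silently instead of overflowing, and two threads could end up with the same label and be indistinguishable wherever the label is used (presumably log output). Capturing the result, `int n = snprintf(pThread->label, sizeof(pThread->label), "%s%d", pServer->label, i);`, and treating `n < 0 || (size_t)n >= sizeof(pThread->label)` as an error, or at least reporting it, would make truncation visible. httpInitConnect's body continues outside the hunk, so the appropriate failure path and any cleanup of `pServer->pThreads` cannot be judged from here.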