[lttng-dev] [PATCH lttng-tools 07/24] Fix: illegal memory access in list_events

Mathieu Desnoyers mathieu.desnoyers at efficios.com
Tue May 17 01:42:46 UTC 2016


Found by Coverity:
CID 1243022 (#1 of 1): Buffer not null terminated
(BUFFER_SIZE_WARNING)23. buffer_size_warning: Calling strncpy with a
maximum size argument of 256 bytes on destination array (tmp_events +
i).name of size 256 bytes might leave the destination string
unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
 src/bin/lttng-sessiond/agent.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c
index 6841d41..8e1ef08 100644
--- a/src/bin/lttng-sessiond/agent.c
+++ b/src/bin/lttng-sessiond/agent.c
@@ -353,8 +353,11 @@ static ssize_t list_events(struct agent_app *app, struct lttng_event **events)
 
 	for (i = 0; i < nb_event; i++) {
 		offset += len;
-		strncpy(tmp_events[i].name, reply->payload + offset,
-				sizeof(tmp_events[i].name));
+		if (lttng_strncpy(tmp_events[i].name, reply->payload + offset,
+				sizeof(tmp_events[i].name))) {
+			ret = LTTNG_ERR_INVALID;
+			goto error;
+		}
 		tmp_events[i].pid = app->pid;
 		tmp_events[i].enabled = -1;
 		len = strlen(reply->payload + offset) + 1;
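Review bot: the source side of the copy is still unbounded in this loop: `reply->payload + offset` is passed to lttng_strncpy() and then to strlen() on the last context line, and nothing in the visible lines checks `offset` against the size of the received payload. The new check only guarantees that the destination `tmp_events[i].name` is terminated. If the agent reply is missing a NUL or reports more events than it carries, both calls can read past the payload. Consider validating `offset` against the payload length before each iteration and using a bounded length scan, computed once and reused for `len`. Two further points. Since `goto error` now fires in the middle of filling the array, it is worth confirming that the error label frees `tmp_events`. And since the function returns ssize_t, confirm that the positive LTTNG_ERR_INVALID is negated there and cannot be read by the caller as an event count.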
-- 
2.1.4


