[lttng-dev] [PATCH lttng-tools 10/24] Fix: illegal memory access in output_init

Mathieu Desnoyers mathieu.desnoyers at efficios.com
Tue May 17 01:42:49 UTC 2016 

Found by Coverity:

CID 1243028 (#1 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)5. buffer_size_warning: Calling strncpy with a
maximum size argument of 255 bytes on destination array output->name of
size 255 bytes might leave the destination string unterminated.

CID 1243028 (#2 of 2): Buffer not null terminated
(BUFFER_SIZE_WARNING)10. buffer_size_warning: Calling strncpy with a
maximum size argument of 4096 bytes on destination array
output->consumer->dst.trace_path of size 4096 bytes might leave the
destination string unterminated.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
 src/bin/lttng-sessiond/snapshot.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/bin/lttng-sessiond/snapshot.c b/src/bin/lttng-sessiond/snapshot.c
index 3de468a..d2016a1 100644
--- a/src/bin/lttng-sessiond/snapshot.c
+++ b/src/bin/lttng-sessiond/snapshot.c
@@ -62,7 +62,10 @@ static int output_init(uint64_t max_size, const char *name,
 	lttng_ht_node_init_ulong(&output->node, (unsigned long) output->id);
 
 	if (name && name[0] != '\0') {
-		strncpy(output->name, name, sizeof(output->name));
+		if (lttng_strncpy(output->name, name, sizeof(output->name))) {
+			ret = -LTTNG_ERR_INVALID;
+			goto error;
+		}
 	} else {
 		/* Set default name. */
 		ret = snprintf(output->name, sizeof(output->name), "%s-%" PRIu32,
@@ -93,8 +96,12 @@ static int output_init(uint64_t max_size, const char *name,
 	if (uris[0].dtype == LTTNG_DST_PATH) {
 		memset(output->consumer->dst.trace_path, 0,
 				sizeof(output->consumer->dst.trace_path));
-		strncpy(output->consumer->dst.trace_path, uris[0].dst.path,
-				sizeof(output->consumer->dst.trace_path));
+		if (lttng_strncpy(output->consumer->dst.trace_path,
+				uris[0].dst.path,
+				sizeof(output->consumer->dst.trace_path))) {
+			ret = -LTTNG_ERR_INVALID;
+			goto error;
+		}
 		output->consumer->type = CONSUMER_DST_LOCAL;
 		ret = 0;
 		goto end;
-- 
2.1.4

More information about the lttng-dev mailing list