[lttng-dev] [PATCH lttng-tools 12/24] Fix: illegal memory access in list_lttng_channels

Jérémie Galarneau jeremie.galarneau at efficios.com
Tue May 17 15:55:07 UTC 2016


On Mon, May 16, 2016 at 9:42 PM, Mathieu Desnoyers
<mathieu.desnoyers at efficios.com> wrote:
> Found by Coverity:
> CID 1243018 (#1 of 1): Buffer not null terminated
> (BUFFER_SIZE_WARNING)11. buffer_size_warning: Calling strncpy with a
> maximum size argument of 256 bytes on destination array (channels +
> i).name of size 256 bytes might leave the destination string
> unterminated.
>
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
> ---
>  src/bin/lttng-sessiond/cmd.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
> index 7f47818..e66c99f 100644
> --- a/src/bin/lttng-sessiond/cmd.c
> +++ b/src/bin/lttng-sessiond/cmd.c
> @@ -277,7 +277,11 @@ static void list_lttng_channels(enum lttng_domain_type domain,
>                                 &iter.iter, uchan, node.node) {
>                         uint64_t discarded_events = 0, lost_packets = 0;
>
> -                       strncpy(channels[i].name, uchan->name, LTTNG_SYMBOL_NAME_LEN);
> +                       if (lttng_strncpy(channels[i].name, uchan->name,
> +                                       LTTNG_SYMBOL_NAME_LEN)) {
> +                               ret = -1;

Removed ret = -1 since ret is never used (the function has no return value).

Jérémie

> +                               break;
> +                       }
>                         channels[i].attr.overwrite = uchan->attr.overwrite;
>                         channels[i].attr.subbuf_size = uchan->attr.subbuf_size;
>                         channels[i].attr.num_subbuf = uchan->attr.num_subbuf;
> --
> 2.1.4
>



-- 
Jérémie Galarneau
EfficiOS Inc.
http://www.efficios.com


More information about the lttng-dev mailing list