[lttng-dev] [PATCH lttng-tools 12/24] Fix: illegal memory access in list_lttng_channels
Jérémie Galarneau
jeremie.galarneau at efficios.com
Tue May 17 15:55:07 UTC 2016
On Mon, May 16, 2016 at 9:42 PM, Mathieu Desnoyers
<mathieu.desnoyers at efficios.com> wrote:
> Found by Coverity:
> CID 1243018 (#1 of 1): Buffer not null terminated
> (BUFFER_SIZE_WARNING)11. buffer_size_warning: Calling strncpy with a
> maximum size argument of 256 bytes on destination array (channels +
> i).name of size 256 bytes might leave the destination string
> unterminated.
>
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
> ---
> src/bin/lttng-sessiond/cmd.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c
> index 7f47818..e66c99f 100644
> --- a/src/bin/lttng-sessiond/cmd.c
> +++ b/src/bin/lttng-sessiond/cmd.c
> @@ -277,7 +277,11 @@ static void list_lttng_channels(enum lttng_domain_type domain,
> &iter.iter, uchan, node.node) {
> uint64_t discarded_events = 0, lost_packets = 0;
>
> - strncpy(channels[i].name, uchan->name, LTTNG_SYMBOL_NAME_LEN);
> + if (lttng_strncpy(channels[i].name, uchan->name,
> + LTTNG_SYMBOL_NAME_LEN)) {
> + ret = -1;
Removed ret = -1 since ret is never used (the function has no return value).
Jérémie
> + break;
> + }
> channels[i].attr.overwrite = uchan->attr.overwrite;
> channels[i].attr.subbuf_size = uchan->attr.subbuf_size;
> channels[i].attr.num_subbuf = uchan->attr.num_subbuf;
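Review bot: At the `break` in the new `lttng_strncpy()` failure branch, the loop stops but `list_lttng_channels()` is declared `static void`, so the caller cannot learn that the channel list it receives is incomplete, and the `ret = -1` assignment has nowhere to go. Consider changing the function to return `int` and propagating the failure, or at minimum logging the name that did not fit before breaking, so that a truncated listing is not silently handed back as complete.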
> --
> 2.1.4
>
--
Jérémie Galarneau
EfficiOS Inc.
http://www.efficios.com
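The Coverity finding quoted in this thread, shown as an added C example that is not code from the thread or from lttng-tools: `strncpy()` bounded by the full destination size leaves a maximum-length name unterminated, while a checked copy rejects it. `NAME_LEN`, `is_terminated`, `strncpy_leaves_terminated` and `checked_copy` are hypothetical names; `checked_copy` is an assumed stand-in for a truncation-checking copy, not the implementation of `lttng_strncpy`.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 256 /* assumed; matches the 256-byte array in the report */

/* 1 if a NUL byte exists within the first len bytes of buf, else 0. */
static int is_terminated(const char *buf, size_t len)
{
	return memchr(buf, '\0', len) != NULL;
}

/* Before: strncpy() bounded by the full destination size. */
static int strncpy_leaves_terminated(const char *src)
{
	char dst[NAME_LEN];

	memset(dst, 'X', sizeof(dst)); /* simulate non-zeroed memory */
	strncpy(dst, src, sizeof(dst));
	return is_terminated(dst, sizeof(dst));
}

/*
 * Hypothetical checked copy: 0 on success, -1 if src plus its
 * terminator does not fit in dst_len bytes (dst is left untouched).
 */
static int checked_copy(char *dst, const char *src, size_t dst_len)
{
	size_t n = 0;

	while (n < dst_len && src[n] != '\0')
		n++;
	if (n == dst_len)
		return -1;
	memcpy(dst, src, n + 1);
	return 0;
}

int main(void)
{
	char exact[NAME_LEN + 1], dst[NAME_LEN];

	memset(exact, 'a', NAME_LEN); /* constructed 256-character name */
	exact[NAME_LEN] = '\0';
	printf("strncpy terminated: %d\n", strncpy_leaves_terminated(exact));
	printf("checked_copy rc:    %d\n", checked_copy(dst, exact, sizeof(dst)));
	printf("short name rc:      %d\n", checked_copy(dst, "chan0", sizeof(dst)));
	return 0;
}
```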