[lttng-dev] [PATCH lttng-tools 14/24] Fix: illegal memory access in syscall_init_table
Jérémie Galarneau
jeremie.galarneau at efficios.com
Tue May 17 15:55:14 UTC 2016
On Mon, May 16, 2016 at 9:42 PM, Mathieu Desnoyers
<mathieu.desnoyers at efficios.com> wrote:
> Found by Coverity:
> CID 1243021 (#1 of 1): Buffer not null terminated
> (BUFFER_SIZE_WARNING)25. buffer_size_warning: Calling strncpy with a
> maximum size argument of 255 bytes on destination array (syscall_table +
> index).name of size 255 bytes might leave the destination string
> unterminated.
>
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
> ---
> src/bin/lttng-sessiond/syscall.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/src/bin/lttng-sessiond/syscall.c b/src/bin/lttng-sessiond/syscall.c
> index 7ae6682..02fec15 100644
> --- a/src/bin/lttng-sessiond/syscall.c
> +++ b/src/bin/lttng-sessiond/syscall.c
> @@ -108,8 +108,11 @@ int syscall_init_table(void)
> }
> syscall_table[index].index = index;
> syscall_table[index].bitness = bitness;
> - strncpy(syscall_table[index].name, name,
> - sizeof(syscall_table[index].name));
> + if (lttng_strncpy(syscall_table[index].name, name,
> + sizeof(syscall_table[index].name))) {
> + ret = -EINVAL;
> + goto error;
This will leak syscall_table. I have made the change in the merged
version (free() and set to NULL).
Jérémie
> + }
> /*
> DBG("Syscall name '%s' at index %" PRIu32 " of bitness %u",
> syscall_table[index].name,
> --
> 2.1.4
>
> _______________________________________________
> lttng-dev mailing list
> lttng-dev at lists.lttng.org
> https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
--
Jérémie Galarneau
EfficiOS Inc.
http://www.efficios.com
More information about the lttng-dev
mailing list