[CRIU] [PATCH] cr-dump: fix out-of-bounds write (OVERRUN)
Andrey Vagin
avagin at openvz.org
Fri Oct 31 13:22:12 PDT 2014
CID 73381 (#1 of 1): Out-of-bounds write (OVERRUN)
15. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index len (which evaluates to 4096).
CID 73355 (#1 of 1): Out-of-bounds write (OVERRUN)
6. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index ret (which evaluates to 4096)
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
cr-dump.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cr-dump.c b/cr-dump.c
index 0fd2ff1e..f794801 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -563,7 +563,7 @@ static int get_task_personality(pid_t pid, u32 *personality)
if (fd < 0)
goto err;
- ret = read(fd, loc_buf, sizeof(loc_buf));
+ ret = read(fd, loc_buf, sizeof(loc_buf) - 1);
close(fd);
if (ret >= 0) {
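Review bot: The hunk reserves one byte for a terminator but does not show the write that Coverity flagged (the `loc_buf[ret]` store at offset 4096 in the CID 73381 report), so please confirm that the code following `if (ret >= 0) {` still terminates the buffer with `loc_buf[ret] = '\0';` after this change. A short `read()` is also accepted without a retry loop here; that is fine for the small personality file but worth a one-line comment.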
@@ -746,7 +746,7 @@ static int parse_children(pid_t pid, pid_t **_c, int *_n)
if (fd < 0)
goto err;
- len = read(fd, loc_buf, sizeof(loc_buf));
+ len = read(fd, loc_buf, sizeof(loc_buf) - 1);
close(fd);
if (len < 0)
goto err;
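Review bot: Reading `sizeof(loc_buf) - 1` bytes fixes the off-by-one terminator write (CID 73355), but a children list longer than 4095 bytes is now silently truncated rather than overrunning, and the trailing pids are dropped without an error. Consider checking for `len == sizeof(loc_buf) - 1` and either failing loudly or reading the file in a loop into a growing buffer, since `parse_children` has no way to tell a full read from a truncated one.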
--
1.9.3