[CRIU] [PATCH 2/9] read_fd_link(): don't overrun buf
Kir Kolyshkin
kir at openvz.org
Wed Oct 7 02:44:17 PDT 2015
This is a classical off-by-one error. If sizeof(buf) is 512,
the last element is buf[511] but not buf[512].
Reported by Coverity, CID 114624, 114622 etc.
Signed-off-by: Kir Kolyshkin <kir at openvz.org>
---
util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util.c b/util.c
index a1ab18b..7694448 100644
--- a/util.c
+++ b/util.c
@@ -467,7 +467,7 @@ int read_fd_link(int lfd, char *buf, size_t size)
pr_err("Buffer for read link of fd %d is too small\n", lfd);
return -1;
}
- buf[ret] = 0;
+ buf[ret - 1] = 0;
return ret;
}
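Review bot: `buf[ret - 1] = 0` writes the terminator over the last byte that was read rather than after it, so every successful call returns a link path missing its final character, and the returned `ret` no longer matches the length of the string in `buf`. If `ret` can be 0 at this point, the store also lands at `buf[-1]`. The overrun only exists when `ret` equals `size`, so it would be safer to keep `buf[ret] = 0` and make sure the "Buffer ... is too small" branch above (its condition is not visible in this hunk) rejects `ret == size`, or to pass `size - 1` to the read so one byte is always reserved for the NUL. A short comment on the function stating that `size` includes room for the terminator would make the contract clear to callers.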
--
2.4.3