[CRIU] [PATCH 3/9] read_ns_sys_file(): don't overrun buf

Kir Kolyshkin kir at openvz.org
Wed Oct 7 02:44:18 PDT 2015


This is a classical off-by-one error. If sizeof(buf) is 512,
the last element is buf[511] but not buf[512].

Note that if read() returns 0, we return 0 but buf stays
uninitialized.

Reported by Coverity, CID 114623.

Signed-off-by: Kir Kolyshkin <kir at openvz.org>
---
 net.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net.c b/net.c
index 96f2fcc..08ef865 100644
--- a/net.c
+++ b/net.c
@@ -45,8 +45,8 @@ int read_ns_sys_file(char *path, char *buf, int len)
 	rlen = read(fd, buf, len);
 	close(fd);
 
-	if (rlen >= 0)
-		buf[rlen] = '\0';
+	if (rlen > 0)
+		buf[rlen - 1] = '\0';
 
 	return rlen;
 }
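Review bot: at `buf[rlen - 1] = '\0';` the terminator now overwrites the last byte that read() returned, so whenever the file holds fewer than len bytes the final character is dropped (harmless only if it is always a trailing newline), and the returned rlen is one more than the resulting string length. With rlen == 0 the buffer is left unterminated, as the commit message notes, while 0 is still returned to the caller. Reading at most len - 1 bytes, `rlen = read(fd, buf, len - 1);`, and keeping `if (rlen >= 0) buf[rlen] = '\0';` would remove the overrun without losing data and would also terminate the empty case. If stripping a trailing newline is the intent, a comment saying so would help.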
-- 
2.4.3


