[CRIU] [PATCH 3/9] read_ns_sys_file(): don't overrun buf
Andrew Vagin
avagin at odin.com
Wed Oct 7 04:35:38 PDT 2015
On Wed, Oct 07, 2015 at 02:44:18AM -0700, Kir Kolyshkin wrote:
> This is a classical off-by-one error. If sizeof(buf) is 512,
> the last element is buf[511] but not buf[512].
>
> Note that if read() returns 0, we return 0 but buf stays
> uninitialized.
>
> Reported by Coverity, CID 114623.
Acked-by: Andrew Vagin <avagin at odin.com>
>
> Signed-off-by: Kir Kolyshkin <kir at openvz.org>
> ---
> net.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net.c b/net.c
> index 96f2fcc..08ef865 100644
> --- a/net.c
> +++ b/net.c
> @@ -45,8 +45,8 @@ int read_ns_sys_file(char *path, char *buf, int len)
> rlen = read(fd, buf, len);
> close(fd);
>
> - if (rlen >= 0)
> - buf[rlen] = '\0';
> + if (rlen > 0)
> + buf[rlen - 1] = '\0';
>
> return rlen;
> }
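Review bot: At `buf[rlen - 1] = '\0';` the terminator now overwrites the last byte that read() returned on every successful read, not only when rlen equals len, so a short read silently loses its final character; and for rlen == 0 the buffer stays unset while the function returns 0, as the commit message itself notes. Consider limiting the read instead (`rlen = read(fd, buf, len - 1);`) and keeping `if (rlen >= 0) buf[rlen] = '\0';`, which stays in bounds, preserves every byte read and terminates the empty case. If dropping the last byte is intentional, a comment at that line should say so, and the rlen == 0 path should still set `buf[0] = '\0'` so callers never see an uninitialized string.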
> --
> 2.4.3