[CRIU] [PATCH 2/2] parasite: don't use a negative index to access array elements
Andrey Vagin
avagin at openvz.org
Mon Feb 29 11:40:50 PST 2016
From: Andrew Vagin <avagin at virtuozzo.com>
*** CID 158458: Memory - corruptions (NEGATIVE_RETURNS)
/criu/pie/parasite.c: 321 in get_proc_fd()
315
316 ret = sys_readlinkat(AT_FDCWD, "/proc/self", buf, sizeof(buf));
317 if (ret < 0 && ret != -ENOENT) {
318 pr_err("Can't readlink /proc/self (%d)\n", ret);
319 return ret;
320 }
>>> CID 158458: Memory - corruptions (NEGATIVE_RETURNS)
>>> Using variable "ret" as an index to array "buf".
321 buf[ret] = 0;
322
323 /* Fast path -- if /proc belongs to this pidns */
324 if (pie_atoi(buf) == sys_getpid())
325 return sys_open("/proc", O_RDONLY, 0);
326
Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
---
criu/pie/parasite.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/criu/pie/parasite.c b/criu/pie/parasite.c
index ae6e10b..d47f825 100644
--- a/criu/pie/parasite.c
+++ b/criu/pie/parasite.c
@@ -311,18 +311,20 @@ static int pie_atoi(char *str)
static int get_proc_fd()
{
int ret;
- char buf[10];
+ char buf[11];
- ret = sys_readlinkat(AT_FDCWD, "/proc/self", buf, sizeof(buf));
+ ret = sys_readlinkat(AT_FDCWD, "/proc/self", buf, sizeof(buf) - 1);
if (ret < 0 && ret != -ENOENT) {
pr_err("Can't readlink /proc/self (%d)\n", ret);
return ret;
}
- buf[ret] = 0;
+ if (ret > 0) {
+ buf[ret] = 0;
- /* Fast path -- if /proc belongs to this pidns */
- if (pie_atoi(buf) == sys_getpid())
- return sys_open("/proc", O_RDONLY, 0);
+ /* Fast path -- if /proc belongs to this pidns */
+ if (pie_atoi(buf) == sys_getpid())
+ return sys_open("/proc", O_RDONLY, 0);
+ }
ret = sys_mkdir(proc_mountpoint, 0700);
if (ret) {
--
2.5.0
More information about the CRIU
mailing list