[CRIU] [PATCH] zdtm/chroot: allocate enough memory for a path
Andrei Vagin
avagin at virtuozzo.com
Sat Sep 30 03:51:41 MSK 2017
Applied
On Fri, Sep 29, 2017 at 04:12:15AM +0300, Andrei Vagin wrote:
> From: Andrei Vagin <avagin at virtuozzo.com>
>
> ==36==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x60200000001c at pc 0x7fb26c88d5f9 bp 0x7ffc15087d40 sp 0x7ffc150874d0
> WRITE of size 13 at 0x60200000001c thread T0
> #0 0x7fb26c88d5f8 in vsprintf (/lib64/libasan.so.4+0x9e5f8)
> #1 0x7fb26c88d986 in __interceptor_sprintf (/lib64/libasan.so.4+0x9e986)
> #2 0x402453 in main /root/git/main/criu/test/zdtm/static/chroot.c:68
> #3 0x7fb26c43e4d9 in __libc_start_main (/lib64/libc.so.6+0x204d9)
> #4 0x4031b9 in _start (/root/git/main/criu/test/zdtm/static/chroot+0x4031b9)
>
> Signed-off-by: Andrei Vagin <avagin at virtuozzo.com>
> ---
> test/zdtm/static/chroot.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/test/zdtm/static/chroot.c b/test/zdtm/static/chroot.c
> index 39b1ace0c..439a8e7dc 100644
> --- a/test/zdtm/static/chroot.c
> +++ b/test/zdtm/static/chroot.c
> @@ -64,7 +64,7 @@ int main(int argc, char **argv)
>
> test_init(argc, argv);
>
> - filepath = malloc(strlen(filename) + 1);
> + filepath = malloc(strlen(filename) + 2);
> sprintf(filepath, "/%s", filename);
>
> pipe(pipe_prep);
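Review bot: The new size on the malloc line is a bare "+ 2" with nothing tying it to the "/%s" format used by the sprintf on the next line, and the malloc result is still passed to sprintf without a NULL check. The arithmetic itself is right (one byte for the leading '/', one for the terminating NUL, which is the byte the old "+ 1" missed), but the next person to change the format string can reintroduce the same overflow. Consider computing the length once, for example size_t len = strlen(filename) + sizeof("/"); then checking filepath for NULL and calling snprintf(filepath, len, "/%s", filename) so the write is bounded by the allocation. A one-line comment stating what the two extra bytes are for would also help.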
> --
> 2.13.3
>