[CRIU] [PATCH] restore: avoid an unterminated string
Andrei Vagin
avagin at virtuozzo.com
Thu Aug 23 14:09:49 MSK 2018
>>> CID 164715: (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 16 bytes on
destination array "thread_args[i].comm" of size 16 bytes might
leave the destination string unterminated.
3473 strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN);
Signed-off-by: Andrei Vagin <avagin at virtuozzo.com>
---
criu/cr-restore.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index 87a4754f0..da2dac428 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -3468,9 +3468,10 @@ static int sigreturn_restore(pid_t pid, struct task_restore_args *task_args, uns
goto err;
if (tcore->thread_core->comm)
- strncpy(thread_args[i].comm, tcore->thread_core->comm, TASK_COMM_LEN);
+ strncpy(thread_args[i].comm, tcore->thread_core->comm, TASK_COMM_LEN - 1);
else
- strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN);
+ strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN - 1);
+ thread_args[i].comm[TASK_COMM_LEN - 1] = 0;
if (thread_args[i].pid != pid)
core_entry__free_unpacked(tcore, NULL);
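Review bot: The bound in both strncpy calls and in the added terminator line is written as TASK_COMM_LEN rather than derived from the destination, so the fix only stays correct while thread_args[i].comm is declared with exactly that size (the Coverity report shows both are 16 bytes today). Using sizeof(thread_args[i].comm) - 1 for the copy length and for the index of the terminating store would tie the check to the array itself. The two branches also differ only in the source pointer, so the source could be selected first (tcore->thread_core->comm if set, otherwise core->tc->comm) and copied with a single strncpy followed by the terminator. That would also make it obvious that `thread_args[i].comm[TASK_COMM_LEN - 1] = 0;` runs for both cases, which currently depends on reading the brace-less if/else correctly.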
--
2.14.3