[CRIU] [PATCH] restore: avoid an unterminated string
Andrei Vagin
avagin at virtuozzo.com
Wed Aug 29 15:10:26 MSK 2018
Applied
On Thu, Aug 23, 2018 at 02:09:49PM +0300, Andrei Vagin wrote:
> >>> CID 164715: (BUFFER_SIZE_WARNING)
> >>> Calling strncpy with a maximum size argument of 16 bytes on
> destination array "thread_args[i].comm" of size 16 bytes might
> leave the destination string unterminated.
> 3473 strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN);
>
> Signed-off-by: Andrei Vagin <avagin at virtuozzo.com>
> ---
> criu/cr-restore.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/criu/cr-restore.c b/criu/cr-restore.c
> index 87a4754f0..da2dac428 100644
> --- a/criu/cr-restore.c
> +++ b/criu/cr-restore.c
> @@ -3468,9 +3468,10 @@ static int sigreturn_restore(pid_t pid, struct task_restore_args *task_args, uns
> goto err;
>
> if (tcore->thread_core->comm)
> - strncpy(thread_args[i].comm, tcore->thread_core->comm, TASK_COMM_LEN);
> + strncpy(thread_args[i].comm, tcore->thread_core->comm, TASK_COMM_LEN - 1);
> else
> - strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN);
> + strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN - 1);
> + thread_args[i].comm[TASK_COMM_LEN - 1] = 0;
>
> if (thread_args[i].pid != pid)
> core_entry__free_unpacked(tcore, NULL);
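Review bot: the copy bound and the terminator index in the three added lines are spelled with TASK_COMM_LEN rather than derived from the destination, so the fix stays correct only while thread_args[i].comm is declared with exactly that size. Using sizeof(thread_args[i].comm) - 1 for both the strncpy limit and the index of the terminating store would keep them tied to the array Coverity reported. The added `thread_args[i].comm[TASK_COMM_LEN - 1] = 0;` also sits directly under an unbraced else: it runs after either branch, which is what is needed, but a blank line before it or braces on the if/else would make that clear at a glance. A source name that fills the whole buffer is now cut to 15 bytes without any indication, so the commit message could say that truncation is acceptable for comm.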
> --
> 2.14.3
>