file-posix: clean up max_segments buffer termination - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Stefan Hajnoczi <stefanha@redhat.com>	2017-03-14 17:09:22 +0800
committer	Kevin Wolf <kwolf@redhat.com>	2017-03-17 12:54:06 +0100
commit	69583490856713f693291b32fc74b6d0f5992b72 (patch)
tree	01eed1c3f6d1bfd64192f4d7f91616568f053066 /scripts/switch-timer-api
parent	272d7dee5951f926fad1911f2f072e5915cdcba0 (diff)
download	focaccia-qemu-69583490856713f693291b32fc74b6d0f5992b72.tar.gz focaccia-qemu-69583490856713f693291b32fc74b6d0f5992b72.zip

file-posix: clean up max_segments buffer termination

The following pattern is unsafe:

  char buf[32];
  ret = read(fd, buf, sizeof(buf));
  ...
  buf[ret] = 0;

If read(2) returns 32 then a byte beyond the end of the buffer is
zeroed.

In practice this buffer overflow does not occur because the sysfs
max_segments file only contains an unsigned short + '\n'.  The string is
always shorter than 32 bytes.

Regardless, avoid this pattern because static analysis tools might
complain and it could lead to real buffer overflows if copy-pasted
elsewhere in the codebase.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Diffstat (limited to 'scripts/switch-timer-api')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: