From: Chase Douglas on
Passing n > sizeof(string) to snprintf can cause a glibc buffer overflow
condition. We know the exact size of nsecs_str, so use it along with the
math to determine the longest string size we want.

Note that an overflow isn't really possible given the format of the
string. However, glibc would abort due to a runtime check.

Signed-off-by: Chase Douglas <chase.douglas(a)canonical.com>
---
trace-ftrace.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/trace-ftrace.c b/trace-ftrace.c
index af9ac8d..181a00f 100644
--- a/trace-ftrace.c
+++ b/trace-ftrace.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/param.h>

#include "trace-cmd.h"

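Review bot: The added <sys/param.h> include appears to be needed only for the MIN() used in the snprintf change further down, and it is a non-standard header whose contents differ between C libraries. A small local macro, or an explicit comparison against sizeof(nsecs_str) at the call site, would give the same clamp without the extra dependency.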
@@ -148,7 +149,7 @@ static void print_graph_duration(struct trace_seq *s, unsigned long long duratio

/* Print nsecs (we don't want to exceed 7 numbers) */
if ((s->len - len) < 7) {
- snprintf(nsecs_str, 8 - (s->len - len), "%03lu", nsecs_rem);
+ snprintf(nsecs_str, MIN(sizeof(nsecs_str), 8 - len), "%03lu", nsecs_rem);
trace_seq_printf(s, ".%s", nsecs_str);
}

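Review bot: The new size argument on the added snprintf line is `8 - len`, while the line it replaces used `8 - (s->len - len)` and the guard above still tests `(s->len - len) < 7`, so the bound no longer tracks how many characters have already been printed. The commit message says the existing math is kept and only capped at the buffer size, which would be `MIN(sizeof(nsecs_str), 8 - (s->len - len))`. Please confirm whether dropping `s->len` is intended. Separately, MIN() here compares a size_t with an integer expression. If that expression can ever be negative, it converts to a large unsigned value and MIN() quietly selects sizeof(nsecs_str). That is safe for the buffer, but a short comment on the line would help.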
--
1.7.0.4
