[PATCH i-g-t v1 3/6] lib/igt_debugfs: Prevent buffer overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



buf array may overflow with when writing '\0' if
MAX_LINE_LEN bytes are read during read().

Signed-off-by: Robert Foss <robert.foss@xxxxxxxxxxxxx>
---
 lib/igt_debugfs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/igt_debugfs.c b/lib/igt_debugfs.c
index d828687a..982573d7 100644
--- a/lib/igt_debugfs.c
+++ b/lib/igt_debugfs.c
@@ -597,10 +597,12 @@ static int read_crc(igt_pipe_crc_t *pipe_crc, igt_crc_t *out)
 	bytes_read = read(pipe_crc->crc_fd, &buf, read_len);
 	igt_reset_timeout();
 
-	if (bytes_read < 0 && errno == EAGAIN) {
+	if (bytes_read < 0 && errno == EAGAIN)
 		igt_assert(pipe_crc->flags & O_NONBLOCK);
+
+	if (bytes_read < 0)
 		bytes_read = 0;
-	}
+
 	buf[bytes_read] = '\0';
 
 	if (bytes_read && !pipe_crc_init_from_string(pipe_crc, out, buf))
-- 
2.11.0

_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx




[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]
  Powered by Linux