Error: OVERRUN (CWE-119): [#def56] [important]
bluez-5.76/tools/mgmt-tester.c:12667:2: identity_transfer: Passing "512UL" as argument 3 to function "vhci_read_devcd", which returns that argument.
bluez-5.76/tools/mgmt-tester.c:12667:2: assignment: Assigning: "read" = "vhci_read_devcd(vhci, buf, 512UL)". The value of "read" is now 512.
bluez-5.76/tools/mgmt-tester.c:12674:2: overrun-local: Overrunning array "buf" of 513 bytes at byte offset 513 using index "read + 1" (which evaluates to 513).
12672| }
12673| /* Make sure buf is nul-terminated */
12674|-> buf[read + 1] = '\0';
12675|
12676| /* Verify if all devcoredump header fields are present */
Fixes: 49d06560692f ("mgmt-tester: Fix non-nul-terminated string")
---
tools/mgmt-tester.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
index 8076ec105ebb..1d5c82ae0745 100644
--- a/tools/mgmt-tester.c
+++ b/tools/mgmt-tester.c
@@ -12671,7 +12671,7 @@ static void verify_devcd(void *user_data)
return;
}
/* Make sure buf is nul-terminated */
- buf[read + 1] = '\0';
+ buf[read] = '\0';
/* Verify if all devcoredump header fields are present */
line = strtok_r(buf, delim, &saveptr);
--
2.45.1
