[PATCH] libnuma: fix memory corruption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Applying strlen() to the result of strncpy() isn't valid...

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
Cc: Thomas Renninger <trenn@xxxxxxx>

--- 2.0.4-rc2.orig/libnuma.c	2010-04-09 14:25:48.000000000 +0200
+++ 2.0.4-rc2/libnuma.c	2010-06-09 10:22:33.000000000 +0200
@@ -461,10 +461,13 @@ set_task_constraints(void)
 				read_mask(mask, numa_all_nodes_ptr);
 		}
 		if (strncmp(buffer,"Mems_allowed_list:",18) == 0) {
-			nodes_allowed_list = malloc(strlen(buffer)-18);
-			strncpy(nodes_allowed_list, buffer + 19,
-				strlen(buffer) - 19);
-			nodes_allowed_list[strlen(nodes_allowed_list)-1] = '\0';
+			size_t len = strlen(mask);
+
+			nodes_allowed_list = malloc(len);
+			if (nodes_allowed_list) {
+				memcpy(nodes_allowed_list, mask, len-1);
+				nodes_allowed_list[len-1] = '\0';
+			}
 		}
 	}
 	fclose(f);


--
To unsubscribe from this list: send the line "unsubscribe linux-numa" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]     [Devices]

  Powered by Linux