The clock isn't big enough to hold the string with the null
terminating character. Worse, clock[size], which is out of range, is
set to 0. Allocate a big enough buffer.
Fixes an OVERRUN error (CWE-119)
Signed-off-by: Jerome Marchand <jmarchan@xxxxxxxxxx>
---
tracecmd/trace-dump.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tracecmd/trace-dump.c b/tracecmd/trace-dump.c
index 11c1baf1..c0a282c9 100644
--- a/tracecmd/trace-dump.c
+++ b/tracecmd/trace-dump.c
@@ -961,7 +961,7 @@ static void dump_clock(int fd)
}
if (read_file_number(fd, &size, 8))
die("cannot read clock size");
- clock = calloc(1, size);
+ clock = calloc(1, size+1);
if (!clock)
die("cannot allocate clock %lld bytes", size);
--
2.44.0
|