Note, please start the subject with a capital letter:
trace-cmd dump: Prevent buffer overrun in dump_clock()
On Wed, 5 Jun 2024 15:40:37 +0200
"Jerome Marchand" <jmarchan@xxxxxxxxxx> wrote:
> The clock isn't big enough to hold the string with the null
> terminating character. Worse, clock[size], which is out of range, is
> set to 0. Allocate a big enough buffer.
>
> Fixes an OVERRUN error (CWE-119)
>
> Signed-off-by: Jerome Marchand <jmarchan@xxxxxxxxxx>
> ---
> tracecmd/trace-dump.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tracecmd/trace-dump.c b/tracecmd/trace-dump.c
> index 11c1baf1..c0a282c9 100644
> --- a/tracecmd/trace-dump.c
> +++ b/tracecmd/trace-dump.c
> @@ -961,7 +961,7 @@ static void dump_clock(int fd)
> }
> if (read_file_number(fd, &size, 8))
> die("cannot read clock size");
> - clock = calloc(1, size);
> + clock = calloc(1, size+1);
Also we follow the Linux kernel syntax. Please add spaces.
clock = calloc(1, size + 1);
Care to resend. I'll skip this patch as well.
Thanks,
-- Steve
> if (!clock)
> die("cannot allocate clock %lld bytes", size);
>
|