Currently, CRemoteMH::GetIdentity does a ReadFile, and creates a std::string from the resulting data.
However, the buffer may not be null-terminated, so we may be using uninitialised data in the subsequent find_value calls (and the debug print). This change uses the string(const char* s, size_t n) constructor instead, so we only use the actual data returned from the sysinfo file. Signed-off-by: Jeremy Kerr <j...@ozlabs.org> --- libconcord/remote_mh.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libconcord/remote_mh.cpp b/libconcord/remote_mh.cpp index 1b7702e..cac3d29 100644 --- a/libconcord/remote_mh.cpp +++ b/libconcord/remote_mh.cpp @@ -511,7 +511,7 @@ int CRemoteMH::GetIdentity(TRemoteInfo &ri, THIDINFO &hid, lc_callback cb, if ((err = ReadFile("/sys/sysinfo", (uint8_t*)buffer, buflen, &data_read, 0x03, NULL, NULL, 0))) return err; - string identity(buffer); + string identity(buffer, data_read); debug("%s", identity.c_str()); ri.fw_ver_major = strtol(find_value(identity, "fw_ver").c_str(), NULL, 10); -- 2.5.0 ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ concordance-devel mailing list concordance-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/concordance-devel