Currently, CRemoteMH::GetIdentity does a ReadFile, and creates a
std::string from the resulting data.

However, the buffer may not be null-terminated, so we may be using
uninitialised data in the subsequent find_value calls (and the debug
print).

This change uses the string(const char* s, size_t n) constructor
instead, so we only use the actual data returned from the sysinfo file.

Signed-off-by: Jeremy Kerr <j...@ozlabs.org>
---
 libconcord/remote_mh.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libconcord/remote_mh.cpp b/libconcord/remote_mh.cpp
index 1b7702e..cac3d29 100644
--- a/libconcord/remote_mh.cpp
+++ b/libconcord/remote_mh.cpp
@@ -511,7 +511,7 @@ int CRemoteMH::GetIdentity(TRemoteInfo &ri, THIDINFO &hid, 
lc_callback cb,
     if ((err = ReadFile("/sys/sysinfo", (uint8_t*)buffer, buflen, &data_read,
                         0x03, NULL, NULL, 0)))
         return err;
-    string identity(buffer);
+    string identity(buffer, data_read);
     debug("%s", identity.c_str());
 
     ri.fw_ver_major = strtol(find_value(identity, "fw_ver").c_str(), NULL, 10);
-- 
2.5.0


------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
concordance-devel mailing list
concordance-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/concordance-devel

Reply via email to