The run_thread_comm and current_comm character arrays in struct timerlat_aa_data are defined with size MAX_COMM (24 bytes), but strncpy() is called with MAX_COMM as the size parameter. If the source string is exactly MAX_COMM bytes or longer, strncpy() will copy exactly MAX_COMM bytes without null termination, potentially causing buffer overruns when these strings are later used.
Increase the buffer sizes to MAX_COMM+1 to ensure there is always room for the null terminator. This guarantees that even when strncpy() copies the maximum number of characters, the buffer remains properly null-terminated and safe to use in subsequent string operations. Signed-off-by: Wander Lairson Costa <[email protected]> --- tools/tracing/rtla/src/timerlat_aa.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/tracing/rtla/src/timerlat_aa.c b/tools/tracing/rtla/src/timerlat_aa.c index 31e66ea2b144c..d310fe65abace 100644 --- a/tools/tracing/rtla/src/timerlat_aa.c +++ b/tools/tracing/rtla/src/timerlat_aa.c @@ -47,7 +47,7 @@ struct timerlat_aa_data { * note: "unsigned long long" because they are fetch using tep_get_field_val(); */ unsigned long long run_thread_pid; - char run_thread_comm[MAX_COMM]; + char run_thread_comm[MAX_COMM+1]; unsigned long long thread_blocking_duration; unsigned long long max_exit_idle_latency; @@ -88,7 +88,7 @@ struct timerlat_aa_data { /* * Current thread. */ - char current_comm[MAX_COMM]; + char current_comm[MAX_COMM+1]; unsigned long long current_pid; /* -- 2.52.0
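Review bot: In the first hunk, at `char run_thread_comm[MAX_COMM+1];`, the extra byte only guarantees termination if index MAX_COMM holds zero before the copy and is never written afterwards. A strncpy() bounded by MAX_COMM never touches that byte, so it depends on how struct timerlat_aa_data is initialized, and this patch shows neither the allocation nor the copy sites. Either state in the commit message that the structure is zero-initialized, or set `run_thread_comm[MAX_COMM] = '\0'` explicitly after each copy so the guarantee does not depend on the allocator.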
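Review bot: In the second hunk, `char current_comm[MAX_COMM+1];` should be written `MAX_COMM + 1`, with spaces around the binary operator per kernel coding style. The same applies to run_thread_comm in the first hunk. A short comment on the field noting that the +1 reserves room for the terminating NUL would also help keep a later cleanup from shrinking the array back to MAX_COMM.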
