This is an automatic generated email to let you know that the following patch were queued at the http://git.linuxtv.org/v4l-utils.git tree:
Subject: media-ctl: Fix off-by-one buffer overflow with readlink Author: Laurent Pinchart <[email protected]> Date: Tue Jun 3 11:53:23 2014 +0200 readlink() returns the number of bytes written to the buffer, which can be up to the passed buffer size, without including the terminating '\0'. This causes an off-by-one overflow as we pass the total buffer length to the function and then try to append a terminating '\0'. Fix it by passing the buffer size minus one to readlink(). Reported-by: Coverity Scan Signed-off-by: Laurent Pinchart <[email protected]> utils/media-ctl/libmediactl.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- http://git.linuxtv.org/v4l-utils.git?a=commitdiff;h=8b0636338b187262811407cfb44cf24e76f2ffaf diff --git a/utils/media-ctl/libmediactl.c b/utils/media-ctl/libmediactl.c index 409acb8..ec360bd 100644 --- a/utils/media-ctl/libmediactl.c +++ b/utils/media-ctl/libmediactl.c @@ -468,7 +468,7 @@ static int media_get_devname_sysfs(struct media_entity *entity) sprintf(sysname, "/sys/dev/char/%u:%u", entity->info.v4l.major, entity->info.v4l.minor); - ret = readlink(sysname, target, sizeof(target)); + ret = readlink(sysname, target, sizeof(target) - 1); if (ret < 0) return -errno; _______________________________________________ linuxtv-commits mailing list [email protected] http://www.linuxtv.org/cgi-bin/mailman/listinfo/linuxtv-commits
