On Tue, Jan 10, 2023 at 04:09:16PM -0700, Vishal Verma wrote:
> Static analysis reports that when 'csv' is allocated for 'len' bytes,
> writing to csv[len] results in an out of bounds access. Fix this
> truncation operation to instead write the NUL terminator to csv[len -
> 1], which is the last byte of the memory allocated.
>
> Fixes: 3d6cd829ec08 ("cxl/region: Use cxl_filter_walk() to gather
> create-region targets")
> Cc: Dan Williams <[email protected]>
> Signed-off-by: Vishal Verma <[email protected]>
Reviewed-by: Alison Schofield <[email protected]>
> ---
> cxl/region.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/cxl/region.c b/cxl/region.c
> index 9a81113..89be9b5 100644
> --- a/cxl/region.c
> +++ b/cxl/region.c
> @@ -156,7 +156,7 @@ static const char *to_csv(int *count, const char
> **strings)
> cursor += snprintf(csv + cursor, len - cursor, "%s%s",
> arg, i + 1 < new_count ? "," : "");
> if (cursor >= len) {
> - csv[len] = 0;
> + csv[len - 1] = 0;
> break;
> }
> }
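Review bot: In the `if (cursor >= len)` branch, the store `csv[len - 1] = 0` duplicates what snprintf() has already done: called with size `len - cursor`, it writes its own terminator inside that window whenever the size is nonzero, and on truncation that terminator lands at `csv[len - 1]`. The assignment is harmless as a defensive measure, but the branch still breaks out with a silently truncated target list. Since `len` is expected to cover the whole list, consider reporting an error here or adding a comment saying truncation cannot happen. The index is also only in bounds when `len` is at least 1, so a guard or a comment on how `len` is computed would make that explicit.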
>
> --
> 2.39.0
>