Hello,
I am not sure about this one. It is possible that bufgetline, on its first
call at src/bootchart/log.c:265, receives a string that is not
null-terminated.
Lukas
>From bb19a933eee9bad3f67d3069bfea6c4f476a840a Mon Sep 17 00:00:00 2001
From: Lukas Nykryn
Date: Thu, 10 Jan 2013 14:36:42 +0100
Subject: [PATCH] bootchart: make sure that every read buffer is null
terminated
---
src/bootchart/log.c | 15 +++
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/bootchart/log.c b/src/bootchart/log.c
index eda001a..78f0cab 100644
--- a/src/bootchart/log.c
+++ b/src/bootchart/log.c
@@ -182,8 +182,10 @@ schedstat_next:
if (e_fd) {
n = pread(e_fd, buf, sizeof(buf) - 1, 0);
-if (n > 0)
+if (n > 0) {
+buf[n] = '\0';
entropy_avail[sample] = atoi(buf);
+}
}
}
@@ -256,6 +258,7 @@ schedstat_next:
close(ps->sched);
continue;
}
+buf[s] = '\0';
if (!sscanf(buf, "%s %*s %*s", key))
continue;
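Review bot: The `%s` conversion in `sscanf(buf, "%s %*s %*s", key)` has no field width, so even with `buf` terminated the first token can be as long as the whole read and is copied into `key` unchecked. `key` is declared outside the hunk; if it is smaller than `buf`, the conversion needs a width one less than its size, e.g. `sscanf(buf, "%255s %*s %*s", key)` for a 256-byte `key` (size assumed here, confirm against the declaration). The same applies to `rt` and `wt` in the `"%s %s %*s"` call and to the second `key` scan in the last hunk. The read that sets `s` is also above this hunk, so `buf[s]` stays inside `buf` only if that call asks for at most `sizeof(buf) - 1` bytes.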
@@ -337,8 +340,8 @@ schedstat_next:
if (ps->schedstat == -1)
continue;
}
-
-if (pread(ps->schedstat, buf, sizeof(buf) - 1, 0) <= 0) {
+s = pread(ps->schedstat, buf, sizeof(buf) - 1, 0);
+if (s <= 0) {
/* clean up our file descriptors - assume that the process exited */
close(ps->schedstat);
if (ps->sched)
@@ -347,6 +350,8 @@ schedstat_next:
//fclose(ps->smaps);
continue;
}
+buf[s] = '\0';
+
if (!sscanf(buf, "%s %s %*s", rt, wt))
continue;
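Review bot: `if (!sscanf(buf, "%s %s %*s", rt, wt))` skips the sample only when sscanf returns 0, so a line with a single token (return value 1) or an input failure (`EOF`, which is non-zero) falls through with `wt`, or both buffers, not written by this call. Checking the conversion count closes that: `if (sscanf(buf, "%s %s %*s", rt, wt) != 2) continue;`. The two `key` scans in the neighbouring hunks have the same `EOF` case and would read `!= 1`. How `rt` and `wt` are used afterwards is outside the hunk.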
@@ -401,7 +406,8 @@ catch_rename:
if (ps->sched == -1)
continue;
}
-if (pread(ps->sched, buf, sizeof(buf) - 1, 0) <= 0) {
+s = pread(ps->sched, buf, sizeof(buf) - 1, 0);
+if (s <= 0) {
/* clean up file descriptors */
close(ps->sched);
if (ps->schedstat)
@@ -410,6 +416,7 @@ catch_rename:
//fclose(ps->smaps);
continue;
}
+buf[s] = '\0';
if (!sscanf(buf, "%s %*s %*s", key))
continue;
--
1.7.11.7