[ 
https://issues.apache.org/jira/browse/YARN-7455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16273622#comment-16273622
 ] 

Jim Brennan commented on YARN-7455:
-----------------------------------

Thanks for the suggestions.  Using snprintf to calculate the size is great idea 
- definitely more maintainable.  I will rework and submit a new patch.
Manually writing the NUL is just paranoia - I agree it is not necessary in this 
case.

> quote_and_append_arg can overflow buffer
> ----------------------------------------
>
>                 Key: YARN-7455
>                 URL: https://issues.apache.org/jira/browse/YARN-7455
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.9.0, 3.0.0
>            Reporter: Jason Lowe
>            Assignee: Jim Brennan
>         Attachments: YARN-7455.001.patch, YARN-7455.002.patch
>
>
> While reviewing YARN-7197 I noticed that add_mounts in docker_util.c has a 
> potential buffer overflow since tmp_buffer is only 1024 bytes which may not 
> be sufficient to hold the specified mount path.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to