[ https://issues.apache.org/jira/browse/YARN-7455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16273622#comment-16273622 ]
Jim Brennan commented on YARN-7455: ----------------------------------- Thanks for the suggestions. Using snprintf to calculate the size is great idea - definitely more maintainable. I will rework and submit a new patch. Manually writing the NUL is just paranoia - I agree it is not necessary in this case. > quote_and_append_arg can overflow buffer > ---------------------------------------- > > Key: YARN-7455 > URL: https://issues.apache.org/jira/browse/YARN-7455 > Project: Hadoop YARN > Issue Type: Bug > Components: nodemanager > Affects Versions: 2.9.0, 3.0.0 > Reporter: Jason Lowe > Assignee: Jim Brennan > Attachments: YARN-7455.001.patch, YARN-7455.002.patch > > > While reviewing YARN-7197 I noticed that add_mounts in docker_util.c has a > potential buffer overflow since tmp_buffer is only 1024 bytes which may not > be sufficient to hold the specified mount path. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org