diff options
author | Stefan Hajnoczi <stefanha@redhat.com> | 2017-03-14 17:09:22 +0800 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2017-03-17 12:54:06 +0100 |
commit | 69583490856713f693291b32fc74b6d0f5992b72 (patch) | |
tree | 01eed1c3f6d1bfd64192f4d7f91616568f053066 /block/file-posix.c | |
parent | 272d7dee5951f926fad1911f2f072e5915cdcba0 (diff) |
file-posix: clean up max_segments buffer termination
The following pattern is unsafe:
char buf[32];
ret = read(fd, buf, sizeof(buf));
...
buf[ret] = 0;
If read(2) returns 32 then a byte beyond the end of the buffer is
zeroed.
In practice this buffer overflow does not occur because the sysfs
max_segments file only contains an unsigned short + '\n'. The string is
always shorter than 32 bytes.
Regardless, avoid this pattern because static analysis tools might
complain and it could lead to real buffer overflows if copy-pasted
elsewhere in the codebase.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block/file-posix.c')
-rw-r--r-- | block/file-posix.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/block/file-posix.c b/block/file-posix.c index c4c06637ef..ac6bd9fae8 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -686,7 +686,7 @@ static int hdev_get_max_segments(const struct stat *st) goto out; } do { - ret = read(fd, buf, sizeof(buf)); + ret = read(fd, buf, sizeof(buf) - 1); } while (ret == -1 && errno == EINTR); if (ret < 0) { ret = -errno; |