projects / lttng-tools.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 882093e)
Fix: memcpy used on potentially overlapping regions
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 20 Aug 2020 19:38:18 +0000 (15:38 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 20 Aug 2020 19:38:18 +0000 (15:38 -0400)
Caught by reviewing unrelated code, these two uses of memcpy
can operate on overlapping buffers. I checked all other uses
of "raw" memcpy and those appear safe.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I72b1204bc52a92015042adb6a67b022d140f5b4e

src/bin/lttng-sessiond/notification-thread-events.c patch | blob | blame | history
src/common/utils.c patch | blob | blame | history

diff --git a/src/bin/lttng-sessiond/notification-thread-events.c b/src/bin/lttng-sessiond/notification-thread-events.c
index 86a114c07ddb0cafc9acd5533d1315bce10d7343..95101178f2f08c7d40bd0ae242ddf79193e45095 100644 (file)
--- a/src/bin/lttng-sessiond/notification-thread-events.c
+++ b/src/bin/lttng-sessiond/notification-thread-events.c
@@ -2869,7 +2869,7 @@ enum client_transmission_status client_flush_outgoing_queue(
                                client->socket);
                to_send_count -= max(ret, 0);
 
-               memcpy(client->communication.outbound.payload.buffer.data,
+               memmove(client->communication.outbound.payload.buffer.data,
                                pv.buffer.data +
                                pv.buffer.size - to_send_count,
                                to_send_count);
diff --git a/src/common/utils.c b/src/common/utils.c
index a068e410b4bf26800d38e5807a0fb06c884f70d6..7006a21581ea91f952c7d7dbe57a1095d467979e 100644 (file)
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -294,7 +294,7 @@ int expand_double_slashes_dot_and_dotdot(char *path)
                 * Copy the current token which is neither a '.' nor a '..'.
                 */
                path[expanded_path_len++] = '/';
-               memcpy(&path[expanded_path_len], curr_char, curr_token_len);
+               memmove(&path[expanded_path_len], curr_char, curr_token_len);
                expanded_path_len += curr_token_len;
        }
 
LTTng 2.0 tools and control repository
This page took 0.032806 seconds and 4 git commands to generate.