Fix: memcpy used on potentially overlapping regions
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 20 Aug 2020 19:38:18 +0000 (15:38 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 10 Sep 2020 16:13:44 +0000 (12:13 -0400)
Caught by reviewing unrelated code, these two uses of memcpy
can operate on overlapping buffers. I checked all other uses
of "raw" memcpy and those appear safe.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I72b1204bc52a92015042adb6a67b022d140f5b4e

src/bin/lttng-sessiond/notification-thread-events.c
src/common/utils.c

index f7a52463862afa94f167ee181d54250e767cd39b..24bc2482ade2590a802057a3e7dd334c01f16220 100644 (file)
@@ -2579,7 +2579,7 @@ int client_flush_outgoing_queue(struct notification_client *client,
                                client->socket);
                to_send_count -= max(ret, 0);
 
-               memcpy(client->communication.outbound.buffer.data,
+               memmove(client->communication.outbound.buffer.data,
                                client->communication.outbound.buffer.data +
                                client->communication.outbound.buffer.size - to_send_count,
                                to_send_count);
index 7041a713bd7caa77e15a5dff69d688691824923f..5420490a76a40f1d66d504f46e545aaebba56f78 100644 (file)
@@ -300,7 +300,7 @@ int expand_double_slashes_dot_and_dotdot(char *path)
                 * Copy the current token which is neither a '.' nor a '..'.
                 */
                path[expanded_path_len++] = '/';
-               memcpy(&path[expanded_path_len], curr_char, curr_token_len);
+               memmove(&path[expanded_path_len], curr_char, curr_token_len);
                expanded_path_len += curr_token_len;
        }
 
This page took 0.029924 seconds and 4 git commands to generate.