Fix: memcpy used on potentially overlapping regions
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 20 Aug 2020 19:38:18 +0000 (15:38 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Wed, 9 Sep 2020 19:05:35 +0000 (15:05 -0400)
Caught by reviewing unrelated code, these two uses of memcpy
can operate on overlapping buffers. I checked all other uses
of "raw" memcpy and those appear safe.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I72b1204bc52a92015042adb6a67b022d140f5b4e

src/bin/lttng-sessiond/notification-thread-events.c
src/common/utils.c

index 9660f9aad1bb3efcd34afd25d1a7056d0bfaa10f..b078b59332e028a4bd6d5049724acb6a0898dbbe 100644 (file)
@@ -2569,7 +2569,7 @@ int client_flush_outgoing_queue(struct notification_client *client,
                                client->socket);
                to_send_count -= max(ret, 0);
 
-               memcpy(client->communication.outbound.buffer.data,
+               memmove(client->communication.outbound.buffer.data,
                                client->communication.outbound.buffer.data +
                                client->communication.outbound.buffer.size - to_send_count,
                                to_send_count);
index d6c67bb0f368bac63699b85c05dc399d8d292a08..2f587bc7c49f11cfb03bdbbc59149c9994d9bd17 100644 (file)
@@ -294,7 +294,7 @@ int expand_double_slashes_dot_and_dotdot(char *path)
                 * Copy the current token which is neither a '.' nor a '..'.
                 */
                path[expanded_path_len++] = '/';
-               memcpy(&path[expanded_path_len], curr_char, curr_token_len);
+               memmove(&path[expanded_path_len], curr_char, curr_token_len);
                expanded_path_len += curr_token_len;
        }
 
This page took 0.030291 seconds and 4 git commands to generate.