From: Mathieu Desnoyers Date: Tue, 17 May 2016 01:42:46 +0000 (-0400) Subject: Fix: illegal memory access in list_events X-Git-Tag: v2.8.0~77 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=53709be109fd57972149567341ef731fa502d8be;p=lttng-tools.git Fix: illegal memory access in list_events Found by Coverity: CID 1243022 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)23. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array (tmp_events + i).name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c index 6841d4192..8e1ef0849 100644 --- a/src/bin/lttng-sessiond/agent.c +++ b/src/bin/lttng-sessiond/agent.c @@ -353,8 +353,11 @@ static ssize_t list_events(struct agent_app *app, struct lttng_event **events) for (i = 0; i < nb_event; i++) { offset += len; - strncpy(tmp_events[i].name, reply->payload + offset, - sizeof(tmp_events[i].name)); + if (lttng_strncpy(tmp_events[i].name, reply->payload + offset, + sizeof(tmp_events[i].name))) { + ret = LTTNG_ERR_INVALID; + goto error; + } tmp_events[i].pid = app->pid; tmp_events[i].enabled = -1; len = strlen(reply->payload + offset) + 1;