From: Mathieu Desnoyers Date: Tue, 17 May 2016 01:42:45 +0000 (-0400) Subject: Fix: illegal memory access in disable_event X-Git-Tag: v2.6.3~53 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=a58f824d947dd0b6741386a84e825948aac0fa04;p=lttng-tools.git Fix: illegal memory access in disable_event Found by Coverity: CID 1243016 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)14. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array msg.name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c index c0b8a218b..9935e0612 100644 --- a/src/bin/lttng-sessiond/agent.c +++ b/src/bin/lttng-sessiond/agent.c @@ -392,14 +392,17 @@ static int disable_event(struct agent_app *app, struct agent_event *event) app->pid, app->sock->fd); data_size = sizeof(msg); + memset(&msg, 0, sizeof(msg)); + if (lttng_strncpy(msg.name, event->name, sizeof(msg.name))) { + ret = LTTNG_ERR_INVALID; + goto error; + } ret = send_header(app->sock, data_size, AGENT_CMD_DISABLE, 0); if (ret < 0) { goto error_io; } - memset(&msg, 0, sizeof(msg)); - strncpy(msg.name, event->name, sizeof(msg.name)); ret = send_payload(app->sock, &msg, sizeof(msg)); if (ret < 0) { goto error_io;