From 46410fa8c1eb66bbf252352de4089808e67e82e1 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:49 -0400 Subject: [PATCH] Fix: illegal memory access in output_init MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1243028 (#1 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)5. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array output->name of size 255 bytes might leave the destination string unterminated. CID 1243028 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING)10. buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array output->consumer->dst.trace_path of size 4096 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/snapshot.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/bin/lttng-sessiond/snapshot.c b/src/bin/lttng-sessiond/snapshot.c index 07a31e080..0003f76f9 100644 --- a/src/bin/lttng-sessiond/snapshot.c +++ b/src/bin/lttng-sessiond/snapshot.c @@ -62,7 +62,10 @@ static int output_init(uint64_t max_size, const char *name, lttng_ht_node_init_ulong(&output->node, (unsigned long) output->id); if (name && name[0] != '\0') { - strncpy(output->name, name, sizeof(output->name)); + if (lttng_strncpy(output->name, name, sizeof(output->name))) { + ret = -LTTNG_ERR_INVALID; + goto error; + } } else { /* Set default name. */ ret = snprintf(output->name, sizeof(output->name), "%s-%" PRIu32, @@ -93,8 +96,12 @@ static int output_init(uint64_t max_size, const char *name, if (uris[0].dtype == LTTNG_DST_PATH) { memset(output->consumer->dst.trace_path, 0, sizeof(output->consumer->dst.trace_path)); - strncpy(output->consumer->dst.trace_path, uris[0].dst.path, - sizeof(output->consumer->dst.trace_path)); + if (lttng_strncpy(output->consumer->dst.trace_path, + uris[0].dst.path, + sizeof(output->consumer->dst.trace_path))) { + ret = -LTTNG_ERR_INVALID; + goto error; + } output->consumer->type = CONSUMER_DST_LOCAL; ret = 0; goto end; -- 2.34.1