read_fd_link(): don't overrun buf

This is a classical off-by-one error. If sizeof(buf) is 512, the last element is buf[511] but not buf[512]. Reported by Coverity, CID 114624, 114622 etc. Signed-off-by: Kir Kolyshkin <kir@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

read_fd_link(): don't overrun buf
This is a classical off-by-one error. If sizeof(buf) is 512, the last element is buf[511] but not buf[512]. Reported by Coverity, CID 114624, 114622 etc. Signed-off-by: Kir Kolyshkin <kir@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
377763e5 · Kir Kolyshkin · Pavel Emelyanov · 0570dd81 · 377763e5
Commit 377763e5 authored Oct 07, 2015 by Kir Kolyshkin Committed by Pavel Emelyanov Oct 07, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

util.c util.c +1 -1

No files found.
--- a/util.c
+++ b/util.c
@@ -467,7 +467,7 @@ int read_fd_link(int lfd, char *buf, size_t size)
 		pr_err("Buffer for read link of fd %d is too small\n", lfd);
 		return -1;
 	}
-	buf[ret] = 0;
+	buf[ret - 1] = 0;
 	return ret;
 }