cr-dump: fix out-of-bounds write (OVERRUN)

CID 73381 (#1 of 1): Out-of-bounds write (OVERRUN) 15. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index len (which evaluates to 4096). CID 73355 (#1 of 1): Out-of-bounds write (OVERRUN) 6. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index ret (which evaluates to 4096) Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

cr-dump: fix out-of-bounds write (OVERRUN)
CID 73381 (#1 of 1): Out-of-bounds write (OVERRUN) 15. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index len (which evaluates to 4096). CID 73355 (#1 of 1): Out-of-bounds write (OVERRUN) 6. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index ret (which evaluates to 4096) Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
c80048d2 · Andrey Vagin · Pavel Emelyanov · 3bb7731c · c80048d2
Commit c80048d2 authored Oct 31, 2014 by Andrey Vagin Committed by Pavel Emelyanov Nov 05, 2014
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

cr-dump.c cr-dump.c +2 -2

No files found.
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -573,7 +573,7 @@ static int get_task_personality(pid_t pid, u32 *personality)
 	if (fd < 0)
 		goto err;

-	ret = read(fd, loc_buf, sizeof(loc_buf));
+	ret = read(fd, loc_buf, sizeof(loc_buf) - 1);
 	close(fd);

 	if (ret >= 0) {
@@ -756,7 +756,7 @@ static int parse_children(pid_t pid, pid_t **_c, int *_n)
 		if (fd < 0)
 			goto err;

-		len = read(fd, loc_buf, sizeof(loc_buf));
+		len = read(fd, loc_buf, sizeof(loc_buf) - 1);
 		close(fd);
 		if (len < 0)
 			goto err;