[igt-dev] [PATCH i-g-t] tests/testdisplay: fix heap overflow

Jani Nikula jani.nikula at linux.intel.com
Wed Mar 20 09:26:32 UTC 2019


On Wed, 20 Mar 2019, "Ser, Simon" <simon.ser at intel.com> wrote:
> We need to copy the terminating NULL byte too.
>
> Signed-off-by: Simon Ser <simon.ser at intel.com>
> ---
>  tests/testdisplay.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/tests/testdisplay.c b/tests/testdisplay.c
> index b3657264..ff208384 100644
> --- a/tests/testdisplay.c
> +++ b/tests/testdisplay.c
> @@ -563,17 +563,17 @@ static gboolean input_event(GIOChannel *source,
> GIOCondition condition,
>  	return TRUE;
>  }
>  
> -static void enter_exec_path( char **argv )
> +static void enter_exec_path(char **argv)
>  {
>  	char *exec_path = NULL;
>  	char *pos = NULL;
>  	short len_path = 0;
>  	int ret;
>  
> -	len_path = strlen( argv[0] );
> -	exec_path = (char*) malloc(len_path);
> +	len_path = strlen(argv[0]);
> +	exec_path = (char*) malloc(len_path + 1);
>  
> -	memcpy(exec_path, argv[0], len_path);
> +	memcpy(exec_path, argv[0], len_path + 1);

Ditch all of the above and replace with

	exec_path = strdup(argv[0]);

BR,
Jani.


>  	pos = strrchr(exec_path, '/');
>  	if (pos != NULL)
>  		*(pos+1) = '\0';

-- 
Jani Nikula, Intel Open Source Graphics Center


More information about the igt-dev mailing list