[igt-dev] [PATCH i-g-t] tests/testdisplay: fix heap overflow
Chris Wilson
chris at chris-wilson.co.uk
Wed Mar 20 09:29:14 UTC 2019
Quoting Jani Nikula (2019-03-20 09:26:32)
> On Wed, 20 Mar 2019, "Ser, Simon" <simon.ser at intel.com> wrote:
> > We need to copy the terminating NULL byte too.
> >
> > Signed-off-by: Simon Ser <simon.ser at intel.com>
> > ---
> > tests/testdisplay.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/tests/testdisplay.c b/tests/testdisplay.c
> > index b3657264..ff208384 100644
> > --- a/tests/testdisplay.c
> > +++ b/tests/testdisplay.c
> > @@ -563,17 +563,17 @@ static gboolean input_event(GIOChannel *source,
> > GIOCondition condition,
> > return TRUE;
> > }
> >
> > -static void enter_exec_path( char **argv )
> > +static void enter_exec_path(char **argv)
> > {
> > char *exec_path = NULL;
> > char *pos = NULL;
> > short len_path = 0;
> > int ret;
> >
> > - len_path = strlen( argv[0] );
> > - exec_path = (char*) malloc(len_path);
> > + len_path = strlen(argv[0]);
> > + exec_path = (char*) malloc(len_path + 1);
> >
> > - memcpy(exec_path, argv[0], len_path);
> > + memcpy(exec_path, argv[0], len_path + 1);
>
> Ditch all of the above and replace with
>
> exec_path = strdup(argv[0]);
>
> > pos = strrchr(exec_path, '/');
> > if (pos != NULL)
> > *(pos+1) = '\0';
And even one step further with dirname(3).
-Chris
More information about the igt-dev
mailing list