[Intel-gfx] [PATCH i-g-t rfc 01/29] lib/igt_debugfs: Prevent buffer overflow
Robert Foss
robert.foss at collabora.com
Thu Jan 12 16:30:35 UTC 2017
On 2017-01-12 04:14 AM, Lankhorst, Maarten wrote:
> Robert Foss schreef op wo 11-01-2017 om 15:41 [-0500]:
>> buf array may overflow with when writing '\0' if
>> MAX_LINE_LEN bytes are read during read().
> How?
>
> char buf[MAX_LINE_LEN + 1];
I actually missed the + 1, but parts of the commit are still relevant
though, as the errno at least in theory could be != EAGAIN.
So I'd like to keep the below check, to prevent compiler warnings.
if (bytes_read < 0)
Sounds ok?
Rob.
>
>> Signed-off-by: Robert Foss <robert.foss at collabora.com>
>> ---
>> lib/igt_debugfs.c | 8 +++++---
>> 1 file changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/lib/igt_debugfs.c b/lib/igt_debugfs.c
>> index d828687a..8b8a627a 100644
>> --- a/lib/igt_debugfs.c
>> +++ b/lib/igt_debugfs.c
>> @@ -594,13 +594,15 @@ static int read_crc(igt_pipe_crc_t *pipe_crc,
>> igt_crc_t *out)
>> read_len = MAX_LINE_LEN;
>>
>> igt_set_timeout(5, "CRC reading");
>> - bytes_read = read(pipe_crc->crc_fd, &buf, read_len);
>> + bytes_read = read(pipe_crc->crc_fd, &buf, read_len - 1);
>> igt_reset_timeout();
>>
>> - if (bytes_read < 0 && errno == EAGAIN) {
>> + if (bytes_read < 0 && errno == EAGAIN)
>> igt_assert(pipe_crc->flags & O_NONBLOCK);
>> +
>> + if (bytes_read < 0)
>> bytes_read = 0;
>> - }
>> +
>> buf[bytes_read] = '\0';
>>
>> if (bytes_read && !pipe_crc_init_from_string(pipe_crc, out,
>> buf))
More information about the Intel-gfx
mailing list