[Intel-gfx] [PATCH i-g-t v1 3/6] lib/igt_debugfs: Prevent buffer overflow
Robert Foss
robert.foss at collabora.com
Thu Jan 19 16:35:03 UTC 2017
buf array may overflow with when writing '\0' if
MAX_LINE_LEN bytes are read during read().
Signed-off-by: Robert Foss <robert.foss at collabora.com>
---
lib/igt_debugfs.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/igt_debugfs.c b/lib/igt_debugfs.c
index d828687a..982573d7 100644
--- a/lib/igt_debugfs.c
+++ b/lib/igt_debugfs.c
@@ -597,10 +597,12 @@ static int read_crc(igt_pipe_crc_t *pipe_crc, igt_crc_t *out)
bytes_read = read(pipe_crc->crc_fd, &buf, read_len);
igt_reset_timeout();
- if (bytes_read < 0 && errno == EAGAIN) {
+ if (bytes_read < 0 && errno == EAGAIN)
igt_assert(pipe_crc->flags & O_NONBLOCK);
+
+ if (bytes_read < 0)
bytes_read = 0;
- }
+
buf[bytes_read] = '\0';
if (bytes_read && !pipe_crc_init_from_string(pipe_crc, out, buf))
--
2.11.0
More information about the Intel-gfx
mailing list