[Spice-devel] [spice-gtk 2/4] coverity: avoid string overflow
Frediano Ziglio
fziglio at redhat.com
Mon Apr 25 08:59:24 UTC 2016
>
> On Mon, Apr 4, 2016 at 9:59 AM, Fabiano FidĂȘncio <fidencio at redhat.com> wrote:
> > sockaddr_un.sun_path has 108 bytes, while pipe_name has
> > PIPE_NAME_MAX_LEN (256 bytes)
> > ---
> > src/controller/test.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/src/controller/test.c b/src/controller/test.c
> > index 9a45581..649aca5 100644
> > --- a/src/controller/test.c
> > +++ b/src/controller/test.c
> > @@ -233,6 +233,12 @@ int main (int argc, char *argv[])
> > snprintf (pipe_name, PIPE_NAME_MAX_LEN, PIPE_NAME);
So changing PIPE_NAME_MAX_LEN here to something like MIN(PIPE_NAME_MAX_LEN, sizeof(remote.sun_path))
would work too.
> > printf ("Creating a controller connection %s\n", pipe_name);
> > struct sockaddr_un remote;
> > +
> > + if (strlen(pipe_name) + 1 > sizeof(remote.sun_path)) {
> > + printf ("address is too long for unix socket_path: %s",
> > pipe_name);
> > + return -1;
> > + }
> > +
> > if ((sock = socket (AF_UNIX, SOCK_STREAM, 0)) == -1) {
> > printf ("Could not open socket, (%d) %s\n", errno,
> > strerror(errno));
> > return -1;
> > --
> > 2.7.3
> >
>
> ping?
By the way... code is only for a test and PIPE_NAME is "/tmp/test",
IMHO the coverity report should be marked as "Intentional", "ignore"
Frediano
More information about the Spice-devel
mailing list