[systemd-devel] [PATCH 1/3] bootchart: parse userinput with safe_atoi
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Fri Sep 26 15:27:33 PDT 2014
On Fri, Sep 26, 2014 at 10:01:30PM +0200, Thomas H.P. Andersen wrote:
> From: Thomas Hindoe Paaboel Andersen <phomes at gmail.com>
>
> Found by coverity. Fixes: CID#996409
> ---
> src/bootchart/store.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/src/bootchart/store.c b/src/bootchart/store.c
> index ed683e8..3099ff1 100644
> --- a/src/bootchart/store.c
> +++ b/src/bootchart/store.c
> @@ -192,12 +192,14 @@ vmstat_next:
>
> m = buf;
> while (m) {
> + int r;
> +
> if (sscanf(m, "%s %*s %*s %*s %*s %*s %*s %s %s", key, rt, wt) < 3)
> goto schedstat_next;
>
> if (strstr(key, "cpu")) {
> - c = atoi((const char*)(key+3));
> - if (c > MAXCPUS)
> + r = safe_atoi((const char*)(key+3), &c);
> + if (r < 0 || c > MAXCPUS)
> /* Oops, we only have room for MAXCPUS data */
> break;
> sampledata->runtime[c] = atoll(rt);
Looks OK.
Zbyszek
More information about the systemd-devel
mailing list