[systemd-devel] [PATCH 1/3] bootchart: parse userinput with safe_atoi

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Fri Sep 26 15:27:33 PDT 2014


On Fri, Sep 26, 2014 at 10:01:30PM +0200, Thomas H.P. Andersen wrote:
> From: Thomas Hindoe Paaboel Andersen <phomes at gmail.com>
> 
> Found by coverity. Fixes: CID#996409
> ---
>  src/bootchart/store.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/src/bootchart/store.c b/src/bootchart/store.c
> index ed683e8..3099ff1 100644
> --- a/src/bootchart/store.c
> +++ b/src/bootchart/store.c
> @@ -192,12 +192,14 @@ vmstat_next:
>  
>          m = buf;
>          while (m) {
> +                int r;
> +
>                  if (sscanf(m, "%s %*s %*s %*s %*s %*s %*s %s %s", key, rt, wt) < 3)
>                          goto schedstat_next;
>  
>                  if (strstr(key, "cpu")) {
> -                        c = atoi((const char*)(key+3));
> -                        if (c > MAXCPUS)
> +                        r = safe_atoi((const char*)(key+3), &c);
> +                        if (r < 0 || c > MAXCPUS)
>                                  /* Oops, we only have room for MAXCPUS data */
>                                  break;
>                          sampledata->runtime[c] = atoll(rt);
Looks OK.

Zbyszek


More information about the systemd-devel mailing list