[xen master] tools/blktap2: fix hypothetical buffer overflow

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[xen master] tools/blktap2: fix hypothetical buffer overflow

patchbot
commit 3a633c261426f06627d88bf7feca6ff87f692f16
Author:     Marek Marczykowski-Górecki <[hidden email]>
AuthorDate: Thu Apr 5 03:50:51 2018 +0200
Commit:     Wei Liu <[hidden email]>
CommitDate: Fri Apr 6 09:06:12 2018 +0100

    tools/blktap2: fix hypothetical buffer overflow
   
    gcc-8 complains:
   
        vhd-util-read.c: In function 'vhd_util_read':
        vhd-util-read.c:50:24: error: '%lu' directive output may be truncated writing between 1 and 20 bytes into a region of size 15 [-Werror=format-truncation=]
          snprintf(nbuf, nsize, "%" PRIu64, num);
                                ^~~
        vhd-util-read.c:50:25: note: format string is defined here
          snprintf(nbuf, nsize, "%" PRIu64, num);
        vhd-util-read.c:50:24: note: directive argument in the range [0, 18446744073709551614]
          snprintf(nbuf, nsize, "%" PRIu64, num);
                                ^~~
        vhd-util-read.c:50:2: note: 'snprintf' output between 2 and 21 bytes into a destination of size 15
          snprintf(nbuf, nsize, "%" PRIu64, num);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        vhd-util-read.c:43:24: error: '%#lx' directive output may be truncated writing between 1 and 18 bytes into a region of size 15 [-Werror=format-truncation=]
          snprintf(nbuf, nsize, "%#" PRIx64 , num);
                                ^~~~
        vhd-util-read.c:43:25: note: format string is defined here
          snprintf(nbuf, nsize, "%#" PRIx64 , num);
        vhd-util-read.c:43:24: note: directive argument in the range [0, 18446744073709551614]
          snprintf(nbuf, nsize, "%#" PRIx64 , num);
                                ^~~~
        vhd-util-read.c:43:2: note: 'snprintf' output between 2 and 19 bytes into a destination of size 15
          snprintf(nbuf, nsize, "%#" PRIx64 , num);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
    Make the buffer larger.
   
    Signed-off-by: Marek Marczykowski-Górecki <[hidden email]>
    Acked-by: Wei Liu <[hidden email]>
    Release-Acked-by: Juergen Gross <[hidden email]>
---
 tools/blktap2/vhd/lib/vhd-util-read.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/blktap2/vhd/lib/vhd-util-read.c b/tools/blktap2/vhd/lib/vhd-util-read.c
index ac4d833cbc..f29066169f 100644
--- a/tools/blktap2/vhd/lib/vhd-util-read.c
+++ b/tools/blktap2/vhd/lib/vhd-util-read.c
@@ -34,7 +34,7 @@
 #include "libvhd.h"
 #include "vhd-util.h"
 
-#define nsize     15
+#define nsize     24
 static char nbuf[nsize];
 
 static inline char *
--
generated by git-patchbot for /home/xen/git/xen.git#master


_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog