[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] tools: libxenstat: fix format string overflow

On Fri, Feb 16, 2018 at 05:44:05PM +0000, Wei Liu wrote:
> On Fri, Feb 16, 2018 at 06:36:51PM +0100, Dario Faggioli wrote:
> > With gcc 7.3.0, the build fails like this:
> > 
> > src/xenstat_linux.c: In function ‘getBridge’
> > src/xenstat_linux.c:78:34: warning: ‘%s’ directive writing up to 255 bytes 
> > into a region of size 241 [-Wformat-overflow=]
> >      sprintf(tmp, "/sys/class/net/%s/bridge", de->d_name);
> >                                   ^~
> > src/xenstat_linux.c:78:5: note: ‘sprintf’ output between 23 and 278 bytes 
> > into a destination of size 256
> >      sprintf(tmp, "/sys/class/net/%s/bridge", de->d_name);
> >      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 
> > Fix using asprintf().
> > 
> > Signed-off-by: Dario Faggioli <dfaggioli@xxxxxxxx>
> > ---
> > Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> > Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
> > ---
> > In case no one else have noticed and fixed this (I have checked xen-devel 
> > and
> > found nothing)
> > ---
> >  tools/xenstat/libxenstat/src/xenstat_linux.c |    8 +++++---
> >  1 file changed, 5 insertions(+), 3 deletions(-)
> > 
> > diff --git a/tools/xenstat/libxenstat/src/xenstat_linux.c 
> > b/tools/xenstat/libxenstat/src/xenstat_linux.c
> > index 907d65fa63..396357511b 100644
> > --- a/tools/xenstat/libxenstat/src/xenstat_linux.c
> > +++ b/tools/xenstat/libxenstat/src/xenstat_linux.c
> > @@ -69,18 +69,20 @@ void getBridge(char *excludeName, char *result, size_t 
> > resultLen)
> >     struct dirent *de;
> >     DIR *d;
> >  
> > -   char tmp[256] = { 0 };
> > -
> >     d = opendir("/sys/class/net");
> >     while ((de = readdir(d)) != NULL) {
> >             if ((strlen(de->d_name) > 0) && (de->d_name[0] != '.')
> >                     && (strstr(de->d_name, excludeName) == NULL)) {
> > -                           sprintf(tmp, "/sys/class/net/%s/bridge", 
> > de->d_name);
> > +                           char *tmp;
> > +
> > +                           asprintf(&tmp, "/sys/class/net/%s/bridge", 
> > de->d_name);
> 
> Need to check the return value of asprintf.
> 
> Preferably you also need to define _GNU_SOURCE at the beginning of this
> file. This file is Linux only makes it less of a problem.

To be precise: not necessarily at the beginning of this file, just
before the actual inclusion of stdio.h.

Wei.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.