[lxc-devel] [PATCH 2/4] coverity: ensure string is null terminated, return in error case

Dwight Engen dwight.engen at oracle.com
Fri May 3 16:50:31 UTC 2013


On Fri, 3 May 2013 11:25:36 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:

> Quoting Dwight Engen (dwight.engen at oracle.com):
> > From ac0d2e143fa450fc19dd3f9330a8fed8bd4a178b Mon Sep 17 00:00:00 2001
> > From: Dwight Engen <dwight.engen at oracle.com>
> > Date: Fri, 3 May 2013 11:29:39 -0400
> > Subject: [PATCH 2/4] coverity: ensure string is null terminated,
> > return in error case
> > 
> > Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> 
> I do think it was ok since it reads the full length of the file -
> though admittedly that could change out from under us, couldn't it.
> Anyway, worth it :)

Right, but the file likely does not have any \0 in it, and then
contents gets passed to strstr() via find_first_wholeword() so that's
why I thought it should be null terminated.
 
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> 
> thanks
> 
> > ---
> >  src/lxc/lxccontainer.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> > index 452323c..73c347d 100644
> > --- a/src/lxc/lxccontainer.c
> > +++ b/src/lxc/lxccontainer.c
> > @@ -1160,10 +1160,11 @@ static int update_name_and_paths(const char
> > *path, struct lxc_container *oldc, SYSERROR("rewinding old config");
> >  		return -1;
> >  	}
> > -	contents = malloc(flen);
> > +	contents = malloc(flen+1);
> >  	if (!contents) {
> >  		SYSERROR("out of memory");
> >  		fclose(f);
> > +		return -1;
> >  	}
> >  	if (fread(contents, 1, flen, f) != flen) {
> >  		free(contents);
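
Review bot: malloc(flen+1) depends on flen being a valid, non-negative length, and this hunk does not show where flen is set or checked. If it comes from ftell(), an error return of -1 would turn this into malloc(0) and the fread() below would then be called with that same bad length, so it is worth confirming that flen is validated before this point. The added return -1 in the out-of-memory branch is needed, since without it the code falls through to fread() with a NULL buffer and a closed stream. Style nit: write flen + 1 with spaces around the operator.
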
> > @@ -1171,6 +1172,7 @@ static int update_name_and_paths(const char
> > *path, struct lxc_container *oldc, SYSERROR("reading old config");
> >  		return -1;
> >  	}
> > +	contents[flen] = '\0';
> >  	if (fclose(f) < 0) {
> >  		free(contents);
> >  		SYSERROR("closing old config");
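
Review bot: contents[flen] = '\0' only guards the end of the buffer; a '\0' byte embedded in the file would still end any later string search early, and the rest of the config would be skipped without an error. If that matters, reject the buffer when memchr(contents, '\0', flen) returns non-NULL. A one-line comment here saying that contents is later used as a C string would also explain why the allocation in the previous hunk is flen+1.
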
> > -- 
> > 1.8.1.4