[lxc-devel] [lxc/master] Fix possible buffer overflow / compile failure with gcc 7.1.0

ljward10 on Github lxc-bot at linuxcontainers.org
Wed Jun 28 21:52:04 UTC 2017 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 857 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170628/98e19eef/attachment.bin>
-------------- next part --------------
From 4c7cf65620251687e62f5fd78544eda0e7cfe3a0 Mon Sep 17 00:00:00 2001
From: Lance Ward <ljward10 at gmail.com>
Date: Wed, 28 Jun 2017 16:47:49 -0500
Subject: [PATCH] Fix compile failure with gcc 7.1.0 by expanding buffer size
 by one byte to prevent possible overflow in file src/lxc/cgroups/cgfsng.c.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes gcc 7.1.0 error:

cgroups/cgfsng.c:1381:23: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
   snprintf(offset, 5, "-%d", idx);
                       ^~~~~
cgroups/cgfsng.c:1381:3: note: ‘snprintf’ output between 3 and 6 bytes into a destination of size 5
   snprintf(offset, 5, "-%d", idx);

Signed-off-by: Lance Ward <ljward10 at gmail.com>
---
 src/lxc/cgroups/cgfsng.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index b087f9410..945341ff7 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1370,11 +1370,11 @@ static inline bool cgfsng_create(void *hdata)
 		ERROR("Failed expanding cgroup name pattern");
 		return false;
 	}
-	len = strlen(tmp) + 5; // leave room for -NNN\0
+	len = strlen(tmp) + 6; // leave room for -NNN\0
 	cgname = must_alloc(len);
 	strcpy(cgname, tmp);
 	free(tmp);
-	offset = cgname + len - 5;
+	offset = cgname + len - 6;
 
 again:
 	if (idx == 1000) {
@@ -1382,7 +1382,7 @@ static inline bool cgfsng_create(void *hdata)
 		goto out_free;
 	}
 	if (idx)
-		snprintf(offset, 5, "-%d", idx);
+		snprintf(offset, 6, "-%d", idx);
 	for (i = 0; hierarchies[i]; i++) {
 		if (!create_path_for_hierarchy(hierarchies[i], cgname)) {
 			int j;

More information about the lxc-devel mailing list