From: Petri Latvala <petri.latvala@intel.com>
To: igt-dev@lists.freedesktop.org
Cc: Petri Latvala <petri.latvala@intel.com>
Subject: [igt-dev] [PATCH i-g-t v2 5/5] lib/igt_pm: Avoid out-of-bounds reads and writes
Date: Thu, 7 Mar 2019 15:01:30 +0200 [thread overview]
Message-ID: <20190307130130.6473-1-petri.latvala@intel.com> (raw)
In-Reply-To: <20190307112427.29146-5-petri.latvala@intel.com>
Read sizeof - 1 to buffers so null-termination stays in bounds.
v2: Also clear the buffers before reusing (Chris).
Signed-off-by: Petri Latvala <petri.latvala@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
---
lib/igt_pm.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/lib/igt_pm.c b/lib/igt_pm.c
index 49027238..fd22273a 100644
--- a/lib/igt_pm.c
+++ b/lib/igt_pm.c
@@ -101,7 +101,12 @@ static int __igt_pm_audio_restore_runtime_pm(void)
close(fd);
- __igt_pm_audio_runtime_power_save[0] = 0;
+ memset(__igt_pm_audio_runtime_power_save, 0,
+ sizeof(__igt_pm_audio_runtime_power_save));
+
+ memset(__igt_pm_audio_runtime_control, 0,
+ sizeof(__igt_pm_audio_runtime_control));
+
free(__igt_pm_audio_runtime_control_path);
__igt_pm_audio_runtime_control_path = NULL;
@@ -176,9 +181,10 @@ static int __igt_pm_enable_audio_runtime_pm(void)
if (fd < 0)
continue;
- ret = read(fd, buf, sizeof(buf));
+ ret = read(fd, buf, sizeof(buf) - 1);
close(fd);
igt_assert(ret > 0);
+ buf[ret] = '\0';
strchomp(buf);
/* Realtek and similar devices are not what we are after. */
@@ -206,7 +212,7 @@ static int __igt_pm_enable_audio_runtime_pm(void)
}
igt_assert(read(fd, __igt_pm_audio_runtime_power_save,
- sizeof(__igt_pm_audio_runtime_power_save)) > 0);
+ sizeof(__igt_pm_audio_runtime_power_save) - 1) > 0);
strchomp(__igt_pm_audio_runtime_power_save);
igt_install_exit_handler(__igt_pm_audio_runtime_exit_handler);
igt_assert_eq(write(fd, "1\n", 2), 2);
@@ -219,7 +225,7 @@ static int __igt_pm_enable_audio_runtime_pm(void)
}
igt_assert(read(fd, __igt_pm_audio_runtime_control,
- sizeof(__igt_pm_audio_runtime_control)) > 0);
+ sizeof(__igt_pm_audio_runtime_control) - 1) > 0);
strchomp(__igt_pm_audio_runtime_control);
igt_assert_eq(write(fd, "auto\n", 5), 5);
close(fd);
@@ -527,7 +533,7 @@ bool igt_setup_runtime_pm(void)
* them on test exit.
*/
size = read(fd, __igt_pm_runtime_autosuspend,
- sizeof(__igt_pm_runtime_autosuspend));
+ sizeof(__igt_pm_runtime_autosuspend) - 1);
/*
* If we fail to read from the file, it means this system doesn't
@@ -539,6 +545,8 @@ bool igt_setup_runtime_pm(void)
return false;
}
+ __igt_pm_runtime_autosuspend[size] = '\0';
+
strchomp(__igt_pm_runtime_autosuspend);
igt_install_exit_handler(__igt_pm_runtime_exit_handler);
@@ -554,7 +562,7 @@ bool igt_setup_runtime_pm(void)
igt_assert_f(fd >= 0, "Can't open " POWER_DIR "/control\n");
igt_assert(read(fd, __igt_pm_runtime_control,
- sizeof(__igt_pm_runtime_control)) > 0);
+ sizeof(__igt_pm_runtime_control) - 1) > 0);
strchomp(__igt_pm_runtime_control);
igt_debug("Saved runtime power management as '%s' and '%s'\n",
@@ -588,7 +596,7 @@ enum igt_runtime_pm_status igt_get_runtime_pm_status(void)
char buf[32];
lseek(pm_status_fd, 0, SEEK_SET);
- n_read = read(pm_status_fd, buf, ARRAY_SIZE(buf));
+ n_read = read(pm_status_fd, buf, ARRAY_SIZE(buf) - 1);
igt_assert(n_read >= 0);
buf[n_read] = '\0';
--
2.19.1
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
next prev parent reply other threads:[~2019-03-07 13:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-07 11:24 [igt-dev] [PATCH i-g-t 1/5] lib/aux: Plug memory leak in __igt_lsof_fds Petri Latvala
2019-03-07 11:24 ` [igt-dev] [PATCH i-g-t 2/5] lib/aux: Plug memory leak in get_suspend_test Petri Latvala
2019-03-07 12:09 ` Chris Wilson
2019-03-07 12:10 ` Chris Wilson
2019-03-07 12:37 ` [igt-dev] [PATCH i-g-t v2 " Petri Latvala
2019-03-07 12:39 ` Chris Wilson
2019-03-07 11:24 ` [igt-dev] [PATCH i-g-t 3/5] lib/debugfs: Ensure null-termination in igt_hpd_storm_detected Petri Latvala
2019-03-07 12:11 ` Chris Wilson
2019-03-07 11:24 ` [igt-dev] [PATCH i-g-t 4/5] lib/fb: Add missing break in get_yuv_parameters Petri Latvala
2019-03-07 11:24 ` [igt-dev] [PATCH i-g-t 5/5] lib/igt_pm: Avoid out-of-bounds reads and writes Petri Latvala
2019-03-07 12:16 ` Chris Wilson
2019-03-07 13:01 ` Petri Latvala [this message]
2019-03-07 13:13 ` [igt-dev] [PATCH i-g-t v2 " Chris Wilson
2019-03-07 12:08 ` [igt-dev] [PATCH i-g-t 1/5] lib/aux: Plug memory leak in __igt_lsof_fds Chris Wilson
2019-03-07 17:04 ` [igt-dev] ✓ Fi.CI.BAT: success for series starting with [i-g-t,1/5] lib/aux: Plug memory leak in __igt_lsof_fds (rev4) Patchwork
2019-03-07 18:10 ` [igt-dev] ✓ Fi.CI.IGT: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190307130130.6473-1-petri.latvala@intel.com \
--to=petri.latvala@intel.com \
--cc=igt-dev@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox