linux-numa.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] libnuma: fix memory corruption
@ 2010-06-22  6:58 Jan Beulich
  2010-06-22  9:33 ` Andi Kleen
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Beulich @ 2010-06-22  6:58 UTC (permalink / raw)
  To: linux-numa; +Cc: Thomas Renninger

Applying strlen() to the result of strncpy() isn't valid...

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Cc: Thomas Renninger <trenn@suse.de>

--- 2.0.4-rc2.orig/libnuma.c	2010-04-09 14:25:48.000000000 +0200
+++ 2.0.4-rc2/libnuma.c	2010-06-09 10:22:33.000000000 +0200
@@ -461,10 +461,13 @@ set_task_constraints(void)
 				read_mask(mask, numa_all_nodes_ptr);
 		}
 		if (strncmp(buffer,"Mems_allowed_list:",18) == 0) {
-			nodes_allowed_list = malloc(strlen(buffer)-18);
-			strncpy(nodes_allowed_list, buffer + 19,
-				strlen(buffer) - 19);
-			nodes_allowed_list[strlen(nodes_allowed_list)-1] = '\0';
+			size_t len = strlen(mask);
+
+			nodes_allowed_list = malloc(len);
+			if (nodes_allowed_list) {
+				memcpy(nodes_allowed_list, mask, len-1);
+				nodes_allowed_list[len-1] = '\0';
+			}
 		}
 	}
 	fclose(f);


^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH] libnuma: fix memory corruption
@ 2010-06-22  7:03 Jan Beulich
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Beulich @ 2010-06-22  7:03 UTC (permalink / raw)
  To: linux-numa; +Cc: trenn

Applying strlen() to the result of strncpy() isn't valid...

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Cc: Thomas Renninger <trenn@suse.de>

--- 2.0.4-rc2.orig/libnuma.c	2010-04-09 14:25:48.000000000 +0200
+++ 2.0.4-rc2/libnuma.c	2010-06-09 10:22:33.000000000 +0200
@@ -461,10 +461,13 @@ set_task_constraints(void)
 				read_mask(mask, numa_all_nodes_ptr);
 		}
 		if (strncmp(buffer,"Mems_allowed_list:",18) == 0) {
-			nodes_allowed_list = malloc(strlen(buffer)-18);
-			strncpy(nodes_allowed_list, buffer + 19,
-				strlen(buffer) - 19);
-			nodes_allowed_list[strlen(nodes_allowed_list)-1] = '\0';
+			size_t len = strlen(mask);
+
+			nodes_allowed_list = malloc(len);
+			if (nodes_allowed_list) {
+				memcpy(nodes_allowed_list, mask, len-1);
+				nodes_allowed_list[len-1] = '\0';
+			}
 		}
 	}
 	fclose(f);


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] libnuma: fix memory corruption
  2010-06-22  6:58 [PATCH] libnuma: fix memory corruption Jan Beulich
@ 2010-06-22  9:33 ` Andi Kleen
  0 siblings, 0 replies; 3+ messages in thread
From: Andi Kleen @ 2010-06-22  9:33 UTC (permalink / raw)
  To: Jan Beulich; +Cc: linux-numa, Thomas Renninger


Patches all look good to me. Thanks for fixing those bugs.

-Andi
-- 
ak@linux.intel.com -- Speaking for myself only.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-06-22  9:33 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-22  6:58 [PATCH] libnuma: fix memory corruption Jan Beulich
2010-06-22  9:33 ` Andi Kleen
  -- strict thread matches above, loose matches on Subject: below --
2010-06-22  7:03 Jan Beulich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).