* [PATCH] tools:misc:xenlockprof: fix possible format string overflow
@ 2017-04-04 17:31 Seraphime Kirkovski
2017-04-05 11:21 ` Wei Liu
0 siblings, 1 reply; 2+ messages in thread
From: Seraphime Kirkovski @ 2017-04-04 17:31 UTC (permalink / raw)
To: xen-devel; +Cc: Ian Jackson, Wei Liu, Seraphime Kirkovski
GCC7 complains about a possible overflow/truncation in xenlockprof.
xenlockprof.c: In function ‘main’:
xenlockprof.c:100:53: error: ‘%s’ directive writing up to 39 bytes into a
region of size between 17 and 37 [-Werror=format-overflow=]
sprintf(name, "unknown type(%d) %d lock %s", data[j].type,
^~
xenlockprof.c:100:13: note: ‘sprintf’ output between 24 and 83 bytes
into a destination of size 60
sprintf(name, "unknown type(%d) %d lock %s", data[j].type,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
data[j].idx, data[j].name);
~~~~~~~~~~~~~~~~~~~~~~~~~~
This increases the size of name to 100. Not the most scalable solution,
but certainly the "cheapest", as it doesn't add dependencies for
asprintf.
Signed-off-by: Seraphime Kirkovski <kirkseraph@gmail.com>
---
tools/misc/xenlockprof.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/misc/xenlockprof.c b/tools/misc/xenlockprof.c
index 41fcb792cc..df23c82912 100644
--- a/tools/misc/xenlockprof.c
+++ b/tools/misc/xenlockprof.c
@@ -24,7 +24,7 @@ int main(int argc, char *argv[])
uint32_t i, j, n;
uint64_t time;
double l, b, sl, sb;
- char name[60];
+ char name[100];
DECLARE_HYPERCALL_BUFFER(xc_lockprof_data_t, data);
if ( (argc > 2) || ((argc == 2) && (strcmp(argv[1], "-r") != 0)) )
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] tools:misc:xenlockprof: fix possible format string overflow
2017-04-04 17:31 [PATCH] tools:misc:xenlockprof: fix possible format string overflow Seraphime Kirkovski
@ 2017-04-05 11:21 ` Wei Liu
0 siblings, 0 replies; 2+ messages in thread
From: Wei Liu @ 2017-04-05 11:21 UTC (permalink / raw)
To: Seraphime Kirkovski; +Cc: Ian Jackson, Wei Liu, xen-devel
On Tue, Apr 04, 2017 at 07:31:59PM +0200, Seraphime Kirkovski wrote:
> GCC7 complains about a possible overflow/truncation in xenlockprof.
>
> xenlockprof.c: In function ‘main’:
> xenlockprof.c:100:53: error: ‘%s’ directive writing up to 39 bytes into a
> region of size between 17 and 37 [-Werror=format-overflow=]
> sprintf(name, "unknown type(%d) %d lock %s", data[j].type,
> ^~
> xenlockprof.c:100:13: note: ‘sprintf’ output between 24 and 83 bytes
> into a destination of size 60
> sprintf(name, "unknown type(%d) %d lock %s", data[j].type,
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> data[j].idx, data[j].name);
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> This increases the size of name to 100. Not the most scalable solution,
> but certainly the "cheapest", as it doesn't add dependencies for
> asprintf.
>
> Signed-off-by: Seraphime Kirkovski <kirkseraph@gmail.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-04-05 11:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-04 17:31 [PATCH] tools:misc:xenlockprof: fix possible format string overflow Seraphime Kirkovski
2017-04-05 11:21 ` Wei Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).