Message ID | 20200219134442.68744-1-wenyang@linux.alibaba.com |
---|---|
State | Accepted |
Series | um: fix len of file in create_pid_file |
On Wed, Feb 19, 2020 at 2:45 PM Wen Yang <wenyang@linux.alibaba.com> wrote: > > sizeof gives us the size of the pointer variable, not of the > area it points to. So the number of bytes copied by umid_file_name() > is 8. > We should pass in the correct length of the file buffer. > > Signed-off-by: Wen Yang <wenyang@linux.alibaba.com> > Cc: Jeff Dike <jdike@addtoit.com> (maintainer:USER-MODE LINUX (UML)) > Cc: Richard Weinberger <richard@nod.at> (maintainer:USER-MODE LINUX (UML),commit_signer:2/2=100%) > Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com> (maintainer:USER-MODE LINUX (UML)) > Cc: Bartosz Golaszewski <bgolaszewski@baylibre.com> (commit_signer:1/2=50%,authored:1/2=50%,added_lines:27/28=96%,removed_lines:9/10=90%) > Cc: Alex Dewar <alex.dewar@gmx.co.uk> (commit_signer:1/2=50%,authored:1/2=50%,removed_lines:1/10=10%) > Cc: linux-um@lists.infradead.org (open list:USER-MODE LINUX (UML)) > --- > arch/um/os-Linux/umid.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/arch/um/os-Linux/umid.c b/arch/um/os-Linux/umid.c > index 44def53a11cd..9e16078a4bf8 100644 > --- a/arch/um/os-Linux/umid.c > +++ b/arch/um/os-Linux/umid.c > @@ -220,11 +220,12 @@ static void __init create_pid_file(void) > char pid[sizeof("nnnnn\0")], *file; > int fd, n; > > - file = malloc(strlen(uml_dir) + UMID_LEN + sizeof("/pid\0")); > + n = strlen(uml_dir) + UMID_LEN + sizeof("/pid\0"); > + file = malloc(n); > if (!file) > return; > > - if (umid_file_name("pid", file, sizeof(file))) > + if (umid_file_name("pid", file, n)) > goto out; > Good catch, applied.
diff --git a/arch/um/os-Linux/umid.c b/arch/um/os-Linux/umid.c index 44def53a11cd..9e16078a4bf8 100644 --- a/arch/um/os-Linux/umid.c +++ b/arch/um/os-Linux/umid.c @@ -220,11 +220,12 @@ static void __init create_pid_file(void) char pid[sizeof("nnnnn\0")], *file; int fd, n; - file = malloc(strlen(uml_dir) + UMID_LEN + sizeof("/pid\0")); + n = strlen(uml_dir) + UMID_LEN + sizeof("/pid\0"); + file = malloc(n); if (!file) return; - if (umid_file_name("pid", file, sizeof(file))) + if (umid_file_name("pid", file, n)) goto out; fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0644);
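Review bot: the buffer length in the added line n = strlen(uml_dir) + UMID_LEN + sizeof("/pid\0"); is stored in n, which the context line "int fd, n;" declares as a signed int, while strlen() and sizeof both yield size_t and malloc() takes a size_t. A dedicated size_t variable (for example "size_t len") would avoid the implicit narrowing and make it obvious that one value both sizes the allocation and bounds umid_file_name(). The changelog's figure of 8 bytes is sizeof(char *) on a 64-bit build; wording it that way would also cover 32-bit hosts, where the old sizeof(file) argument evaluated to 4.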
sizeof gives us the size of the pointer variable, not of the
area it points to. So the number of bytes copied by umid_file_name()
is 8.
We should pass in the correct length of the file buffer.

Signed-off-by: Wen Yang <wenyang@linux.alibaba.com>
Cc: Jeff Dike <jdike@addtoit.com> (maintainer:USER-MODE LINUX (UML))
Cc: Richard Weinberger <richard@nod.at> (maintainer:USER-MODE LINUX (UML),commit_signer:2/2=100%)
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com> (maintainer:USER-MODE LINUX (UML))
Cc: Bartosz Golaszewski <bgolaszewski@baylibre.com> (commit_signer:1/2=50%,authored:1/2=50%,added_lines:27/28=96%,removed_lines:9/10=90%)
Cc: Alex Dewar <alex.dewar@gmx.co.uk> (commit_signer:1/2=50%,authored:1/2=50%,removed_lines:1/10=10%)
Cc: linux-um@lists.infradead.org (open list:USER-MODE LINUX (UML))
---
 arch/um/os-Linux/umid.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)