From 0a85e7a38cb71bee129af0d2c6fe9de1306ea80c Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:46 -0400 Subject: [PATCH] Fix: illegal memory access in list_events MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1243022 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)23. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array (tmp_events + i).name of size 256 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/agent.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/bin/lttng-sessiond/agent.c b/src/bin/lttng-sessiond/agent.c index 6841d4192..8e1ef0849 100644 --- a/src/bin/lttng-sessiond/agent.c +++ b/src/bin/lttng-sessiond/agent.c @@ -353,8 +353,11 @@ static ssize_t list_events(struct agent_app *app, struct lttng_event **events) for (i = 0; i < nb_event; i++) { offset += len; - strncpy(tmp_events[i].name, reply->payload + offset, - sizeof(tmp_events[i].name)); + if (lttng_strncpy(tmp_events[i].name, reply->payload + offset, + sizeof(tmp_events[i].name))) { + ret = LTTNG_ERR_INVALID; + goto error; + } tmp_events[i].pid = app->pid; tmp_events[i].enabled = -1; len = strlen(reply->payload + offset) + 1; -- 2.34.1