wenchao-hao
/
lmkd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lmkd: Fix a potential buffer overflow 

Prevent that the statement that writes '\0' past the read data can write
past the end of the buffer.

Bug: 213617178
Test: Compile-tested only.
Change-Id: I6922c343a6bcb52dce0b5cf54f09b2850e9dfde2
Signed-off-by: Bart Van Assche <bvanassche@google.com>
This commit is contained in:
Bart Van Assche 2022-02-03 00:05:19 +00:00
parent 545067957c
commit 5ebc4e8f51
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lmkd.cpp
View File

@ -835,7 +835,7 @@ static void poll_kernel(int poll_fd) {
while (1) { while (1) {
char rd_buf[256]; char rd_buf[256];
int bytes_read = TEMP_FAILURE_RETRY(pread(poll_fd, (void*)rd_buf, sizeof(rd_buf), 0)); int bytes_read = TEMP_FAILURE_RETRY(pread(poll_fd, (void*)rd_buf, sizeof(rd_buf) - 1, 0));
if (bytes_read <= 0) break; if (bytes_read <= 0) break;
rd_buf[bytes_read] = '\0'; rd_buf[bytes_read] = '\0';