https://bugs.linaro.org/show_bug.cgi?id=2424

On 07/29/16 17:58, Maxim Uvarov wrote:
Add additional check before copying from pointer to
array for pool name. In general it should never happen
until somebody corrupts shared memory.

Signed-off-by: Maxim Uvarov <[email protected]>
---
  platform/linux-generic/pktio/ipc.c | 6 ++++++
  1 file changed, 6 insertions(+)

diff --git a/platform/linux-generic/pktio/ipc.c 
b/platform/linux-generic/pktio/ipc.c
index f9e7a00..d97e495 100644
--- a/platform/linux-generic/pktio/ipc.c
+++ b/platform/linux-generic/pktio/ipc.c
@@ -211,6 +211,12 @@ static int _ipc_init_master(pktio_entry_t *pktio_entry,
        /* Set up pool name for remote info */
        pinfo = pktio_entry->s.ipc.pinfo;
        pool_name = _ipc_odp_buffer_pool_shm_name(pool);
+       if (strlen(pool_name) > ODP_POOL_NAME_LEN) {
+               ODP_DBG("pid %d ipc pool name %s is too big %d\n",
+                       getpid(), pool_name, strlen(pool_name));
+               goto free_s_prod;
+       }
+
        memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));
        pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size;
        pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;
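
Review bot: the new bound in the `if` uses `>`, so a name of exactly ODP_POOL_NAME_LEN characters passes the check, and the unchanged `memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));` right after it copies the characters without the terminating NUL. The declaration of `pinfo->master.pool_name` is not visible in this hunk; if it is ODP_POOL_NAME_LEN bytes, that case leaves the array filled with no terminator for whoever reads it from shared memory. Consider comparing with `>=` (or against `sizeof(pinfo->master.pool_name)`) and copying `strlen(pool_name) + 1` bytes so the terminator is always written. Two smaller points in the same block: `strlen()` returns `size_t` but is printed with `%d` in the ODP_DBG call, so `%zu` would match the type; and the length is computed three times, so a local variable would tidy this up. Since the branch fails the init via `goto free_s_prod`, it is also worth confirming that the return value is set to an error on that path, which these lines do not show.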
