Am 14.03.2017 um 10:09 hat Stefan Hajnoczi geschrieben: > The following pattern is unsafe: > > char buf[32]; > ret = read(fd, buf, sizeof(buf)); > ... > buf[ret] = 0; > > If read(2) returns 32 then a byte beyond the end of the buffer is > zeroed. > > In practice this buffer overflow does not occur because the sysfs > max_segments file only contains an unsigned short + '\n'. The string is > always shorter than 32 bytes. > > Regardless, avoid this pattern because static analysis tools might > complain and it could lead to real buffer overflows if copy-pasted > elsewhere in the codebase. > > Signed-off-by: Stefan Hajnoczi <[email protected]>
Oops. I should have found this during review. Thanks for catching it. Thanks, applied to the block branch. Kevin
