From 2edf492fe78faffdeb53f3f2f09bf92a3ce75ece Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:54 -0400 Subject: [PATCH] Fix: illegal memory access in consumer_set_subdir MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1243015 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)8. buffer_size_warning: Calling strncpy with a maximum size argument of 4096 bytes on destination array consumer->subdir of size 4096 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/consumer.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/bin/lttng-sessiond/consumer.c b/src/bin/lttng-sessiond/consumer.c index a8c5fb871..934af39bd 100644 --- a/src/bin/lttng-sessiond/consumer.c +++ b/src/bin/lttng-sessiond/consumer.c @@ -1089,7 +1089,11 @@ int consumer_set_subdir(struct consumer_output *consumer, goto error; } - strncpy(consumer->subdir, tmp_path, sizeof(consumer->subdir)); + if (lttng_strncpy(consumer->subdir, tmp_path, + sizeof(consumer->subdir))) { + ret = -EINVAL; + goto error; + } DBG2("Consumer subdir set to %s", consumer->subdir); error: -- 2.34.1