From 6f1105342bcca0c5ba8177ae134c197c19ba215f Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Thu, 20 Aug 2020 15:38:18 -0400 Subject: [PATCH] Fix: memcpy used on potentially overlapping regions MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Caught by reviewing unrelated code, these two uses of memcpy can operate on overlapping buffers. I checked all other uses of "raw" memcpy and those appear safe. Signed-off-by: Jérémie Galarneau Change-Id: I72b1204bc52a92015042adb6a67b022d140f5b4e --- src/bin/lttng-sessiond/notification-thread-events.c | 2 +- src/common/utils.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bin/lttng-sessiond/notification-thread-events.c b/src/bin/lttng-sessiond/notification-thread-events.c index 86a114c07..95101178f 100644 --- a/src/bin/lttng-sessiond/notification-thread-events.c +++ b/src/bin/lttng-sessiond/notification-thread-events.c @@ -2869,7 +2869,7 @@ enum client_transmission_status client_flush_outgoing_queue( client->socket); to_send_count -= max(ret, 0); - memcpy(client->communication.outbound.payload.buffer.data, + memmove(client->communication.outbound.payload.buffer.data, pv.buffer.data + pv.buffer.size - to_send_count, to_send_count); diff --git a/src/common/utils.c b/src/common/utils.c index a068e410b..7006a2158 100644 --- a/src/common/utils.c +++ b/src/common/utils.c @@ -294,7 +294,7 @@ int expand_double_slashes_dot_and_dotdot(char *path) * Copy the current token which is neither a '.' nor a '..'. */ path[expanded_path_len++] = '/'; - memcpy(&path[expanded_path_len], curr_char, curr_token_len); + memmove(&path[expanded_path_len], curr_char, curr_token_len); expanded_path_len += curr_token_len; } -- 2.34.1