From cf3e357d3919a11710f675e85bd416e06135a8b5 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Mon, 16 May 2016 21:42:50 -0400 Subject: [PATCH] Fix: illegal memory access in cmd_snapshot_record MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Found by Coverity: CID 1243027 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)20. buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array tmp_output.name of size 255 bytes might leave the destination string unterminated. Signed-off-by: Mathieu Desnoyers Signed-off-by: Jérémie Galarneau --- src/bin/lttng-sessiond/cmd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/bin/lttng-sessiond/cmd.c b/src/bin/lttng-sessiond/cmd.c index 201cbd183..3c59d092c 100644 --- a/src/bin/lttng-sessiond/cmd.c +++ b/src/bin/lttng-sessiond/cmd.c @@ -3903,8 +3903,12 @@ int cmd_snapshot_record(struct ltt_session *session, /* Use temporary name. */ if (*output->name != '\0') { - strncpy(tmp_output.name, output->name, - sizeof(tmp_output.name)); + if (lttng_strncpy(tmp_output.name, output->name, + sizeof(tmp_output.name))) { + ret = LTTNG_ERR_INVALID; + rcu_read_unlock(); + goto error; + } } tmp_output.nb_snapshot = session->snapshot.nb_snapshot; -- 2.34.1