From e051e07cc7a14b604cc2d7d851075f9d4289725d Mon Sep 17 00:00:00 2001 From: David Goulet Date: Tue, 14 May 2013 11:34:51 -0400 Subject: [PATCH] Fix: possible out of bounds write in enable-event In loglevel_str_to_value: Out-of-bounds write to a buffer (CWE-119). Issue 1019927 of coverity scan. Signed-off-by: David Goulet --- src/bin/lttng/commands/enable_events.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/bin/lttng/commands/enable_events.c b/src/bin/lttng/commands/enable_events.c index 2af85fe47..18793ae09 100644 --- a/src/bin/lttng/commands/enable_events.c +++ b/src/bin/lttng/commands/enable_events.c @@ -268,7 +268,11 @@ int loglevel_str_to_value(const char *inputstr) int i = 0; char str[LTTNG_SYMBOL_NAME_LEN]; - while (i < LTTNG_SYMBOL_NAME_LEN && inputstr[i] != '\0') { + /* + * Loop up to LTTNG_SYMBOL_NAME_LEN minus one because the NULL bytes is + * added at the end of the loop so a the upper bound we avoid the overflow. + */ + while (i < (LTTNG_SYMBOL_NAME_LEN - 1) && inputstr[i] != '\0') { str[i] = toupper(inputstr[i]); i++; } -- 2.34.1