diff options
author | Thomas Jarosch <thomas.jarosch@intra2net.com> | 2011-10-17 16:48:10 +0200 |
---|---|---|
committer | Pekka Enberg <penberg@kernel.org> | 2011-10-18 19:57:59 +0300 |
commit | fe353178653b15add8626f5474842601be160281 (patch) | |
tree | 49c4d36e9f3929df1f561033722cbf72c65fee96 /mm/kmemleak-test.c | |
parent | ab067e99d22ec78ff646de1283348729d1aa66d4 (diff) |
tools, slub: Fix off-by-one buffer corruption after readlink() call
readlink() never zero terminates the provided buffer.
Therefore we already do
buffer[count] = 0;
This leads to an off-by-one buffer corruption as readlink()
might return the full size of the buffer.
The common technique is to reduce the buffer size by one.
Another fix would be to check
if (count < 0 || count == sizeof(buffer))
fatal();
Reducing the buffer size by one is easier IMHO.
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Christoph Lameter <cl@gentwo.org>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
Diffstat (limited to 'mm/kmemleak-test.c')
0 files changed, 0 insertions, 0 deletions