Fix: Integer overflowed argument
[lttng-tools.git] / src / bin / lttng-sessiond / syscall.c
index c6720481985d89a562ca87e0b1d648981abb7e22..7db510936ead56454b8a94a91317cc254f920806 100644 (file)
@@ -72,7 +72,7 @@ int syscall_init_table(void)
        }
 
        while (fscanf(fp,
-                               "syscall { index = %lu; \
+                               "syscall { index = %zu; \
                                name = %" XSTR(SYSCALL_NAME_LEN) "[^;]; \
                                bitness = %u; };\n",
                                &index, name, &bitness) == 3) {
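Review bot: The `%" XSTR(SYSCALL_NAME_LEN) "[^;]` conversion kept as context in this hunk stores up to SYSCALL_NAME_LEN characters plus a terminating NUL, so `name` must be at least SYSCALL_NAME_LEN + 1 bytes. Its declaration is outside the hunk and should be checked. If it is declared as `char name[SYSCALL_NAME_LEN];`, a maximal-length entry in the list file writes one byte past the buffer, and the declaration should become `char name[SYSCALL_NAME_LEN + 1];`. Separately, `%zu` fixes the type mismatch, but fscanf() does not report a value too large for `index`; a comment such as `/* index is parsed from the list file and is used as a table subscript below */` would make that dependency visible.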
@@ -82,7 +82,7 @@ int syscall_init_table(void)
 
                        /* Double memory size. */
                        new_nbmem = max(index, nbmem << 1);
-                       if (new_nbmem < nbmem) {
+                       if (new_nbmem > (SIZE_MAX / sizeof(*new_list))) {
                                /* Overflow, stop everything, something went really wrong. */
                                ERR("Syscall listing memory size overflow. Stopping");
                                free(syscall_table);
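Review bot: `new_nbmem = max(index, nbmem << 1);` can produce a table of exactly `index` entries, while the later hunk writes `syscall_table[index]`, one element past the end of such a table. This assumes the realloc outside this hunk uses `new_nbmem` as the element count, which the `sizeof(*new_list)` bound suggests but does not show. The new check bounds the byte-size multiplication correctly, but it does not cover this case. Sizing for the subscript would be `new_nbmem = max(index + 1, nbmem << 1);`, with `index == SIZE_MAX` rejected beforehand so that `index + 1` cannot wrap. The enclosing resize block starts and ends outside the hunk.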
@@ -108,8 +108,13 @@ int syscall_init_table(void)
                }
                syscall_table[index].index = index;
                syscall_table[index].bitness = bitness;
-               strncpy(syscall_table[index].name, name,
-                               sizeof(syscall_table[index].name));
+               if (lttng_strncpy(syscall_table[index].name, name,
+                               sizeof(syscall_table[index].name))) {
+                       ret = -EINVAL;
+                       free(syscall_table);
+                       syscall_table = NULL;
+                       goto error;
+               }
                /*
                DBG("Syscall name '%s' at index %" PRIu32 " of bitness %u",
                                syscall_table[index].name,
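Review bot: The new `lttng_strncpy` failure branch frees the table and returns -EINVAL without logging anything, while the overflow branch in the previous hunk reports through `ERR(...)`. A line such as `ERR("Syscall name does not fit in the table entry at index %zu", index);` before `ret = -EINVAL;` would let an operator tell a malformed list file apart from other -EINVAL causes. The `%zu` assumes `index` is a `size_t`, as the format change in the first hunk implies. The `free(syscall_table); syscall_table = NULL;` pair is now repeated in two error branches and could move under the `error` label if every path reaching that label wants the table released. The label is outside the hunk, so this needs checking.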