Fix: memcpy used on potentially overlapping regions

Caught by reviewing unrelated code, these two uses of memcpy
can operate on overlapping buffers. I checked all other uses
of "raw" memcpy and those appear safe.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I72b1204bc52a92015042adb6a67b022d140f5b4e

diff --git a/src/bin/lttng-sessiond/notification-thread-events.c b/src/bin/lttng-sessiond/notification-thread-events.c
index f7a52463862afa94f167ee181d54250e767cd39b..24bc2482ade2590a802057a3e7dd334c01f16220 100644 (file)
--- a/src/bin/lttng-sessiond/notification-thread-events.c
+++ b/src/bin/lttng-sessiond/notification-thread-events.c
@@ -2579,7 +2579,7 @@ int client_flush_outgoing_queue(struct notification_client *client,
                                client->socket);
                to_send_count -= max(ret, 0);
 
-               memcpy(client->communication.outbound.buffer.data,
+               memmove(client->communication.outbound.buffer.data,
                                client->communication.outbound.buffer.data +
                                client->communication.outbound.buffer.size - to_send_count,
                                to_send_count);

diff --git a/src/common/utils.c b/src/common/utils.c
index 7041a713bd7caa77e15a5dff69d688691824923f..5420490a76a40f1d66d504f46e545aaebba56f78 100644 (file)
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -300,7 +300,7 @@ int expand_double_slashes_dot_and_dotdot(char *path)
                 * Copy the current token which is neither a '.' nor a '..'.
                 */
                path[expanded_path_len++] = '/';
-               memcpy(&path[expanded_path_len], curr_char, curr_token_len);
+               memmove(&path[expanded_path_len], curr_char, curr_token_len);
                expanded_path_len += curr_token_len;
        }