projects / lttng-tools.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e8d3e76)
Fix: memcpy used on potentially overlapping regions
authorJérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 20 Aug 2020 19:38:18 +0000 (15:38 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Wed, 9 Sep 2020 19:05:35 +0000 (15:05 -0400)
Caught by reviewing unrelated code, these two uses of memcpy
can operate on overlapping buffers. I checked all other uses
of "raw" memcpy and those appear safe.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I72b1204bc52a92015042adb6a67b022d140f5b4e

src/bin/lttng-sessiond/notification-thread-events.c patch | blob | blame | history
src/common/utils.c patch | blob | blame | history

diff --git a/src/bin/lttng-sessiond/notification-thread-events.c b/src/bin/lttng-sessiond/notification-thread-events.c
index 9660f9aad1bb3efcd34afd25d1a7056d0bfaa10f..b078b59332e028a4bd6d5049724acb6a0898dbbe 100644 (file)
--- a/src/bin/lttng-sessiond/notification-thread-events.c
+++ b/src/bin/lttng-sessiond/notification-thread-events.c
@@ -2569,7 +2569,7 @@ int client_flush_outgoing_queue(struct notification_client *client,
                                client->socket);
                to_send_count -= max(ret, 0);
 
-               memcpy(client->communication.outbound.buffer.data,
+               memmove(client->communication.outbound.buffer.data,
                                client->communication.outbound.buffer.data +
                                client->communication.outbound.buffer.size - to_send_count,
                                to_send_count);
diff --git a/src/common/utils.c b/src/common/utils.c
index d6c67bb0f368bac63699b85c05dc399d8d292a08..2f587bc7c49f11cfb03bdbbc59149c9994d9bd17 100644 (file)
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -294,7 +294,7 @@ int expand_double_slashes_dot_and_dotdot(char *path)
                 * Copy the current token which is neither a '.' nor a '..'.
                 */
                path[expanded_path_len++] = '/';
-               memcpy(&path[expanded_path_len], curr_char, curr_token_len);
+               memmove(&path[expanded_path_len], curr_char, curr_token_len);
                expanded_path_len += curr_token_len;
        }
 
LTTng 2.0 tools and control repository
This page took 0.028154 seconds and 4 git commands to generate.