From 8a5422a0a990db34189f2c159820e36e0ace7dd1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
 <jeremie.galarneau@efficios.com>
Date: Thu, 20 Aug 2020 15:38:18 -0400
Subject: [PATCH] Fix: memcpy used on potentially overlapping regions
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Caught by reviewing unrelated code, these two uses of memcpy
can operate on overlapping buffers. I checked all other uses
of "raw" memcpy and those appear safe.

Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
Change-Id: I72b1204bc52a92015042adb6a67b022d140f5b4e
---
 src/bin/lttng-sessiond/notification-thread-events.c | 2 +-
 src/common/utils.c                                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/bin/lttng-sessiond/notification-thread-events.c b/src/bin/lttng-sessiond/notification-thread-events.c
index f7a524638..24bc2482a 100644
--- a/src/bin/lttng-sessiond/notification-thread-events.c
+++ b/src/bin/lttng-sessiond/notification-thread-events.c
@@ -2579,7 +2579,7 @@ int client_flush_outgoing_queue(struct notification_client *client,
 				client->socket);
 		to_send_count -= max(ret, 0);
 
-		memcpy(client->communication.outbound.buffer.data,
+		memmove(client->communication.outbound.buffer.data,
 				client->communication.outbound.buffer.data +
 				client->communication.outbound.buffer.size - to_send_count,
 				to_send_count);
diff --git a/src/common/utils.c b/src/common/utils.c
index 7041a713b..5420490a7 100644
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -300,7 +300,7 @@ int expand_double_slashes_dot_and_dotdot(char *path)
 		 * Copy the current token which is neither a '.' nor a '..'.
 		 */
 		path[expanded_path_len++] = '/';
-		memcpy(&path[expanded_path_len], curr_char, curr_token_len);
+		memmove(&path[expanded_path_len], curr_char, curr_token_len);
 		expanded_path_len += curr_token_len;
 	}
 
-- 
2.34.1