The padding of the old ABI is bigger than that of the new one, so we use
the size of the new padding for the memcpy since it will always be smaller.
In kernctl_create_channel: Out-of-bounds access to a buffer (CWE-119).
In kernctl_open_metadata: Out-of-bounds access to a buffer (CWE-119).
Issue
1019925 and
1019924 of coverity scan.
Signed-off-by: David Goulet <dgoulet@efficios.com>
old_channel.switch_timer_interval = chops->switch_timer_interval;
old_channel.read_timer_interval = chops->read_timer_interval;
old_channel.output = chops->output;
old_channel.switch_timer_interval = chops->switch_timer_interval;
old_channel.read_timer_interval = chops->read_timer_interval;
old_channel.output = chops->output;
- memcpy(old_channel.padding, chops->padding, sizeof(old_channel.padding));
+
+ memset(old_channel.padding, 0, sizeof(old_channel.padding));
+ /*
+ * The new channel padding is smaller than the old ABI so we use the
+ * new ABI padding size for the memcpy.
+ */
+ memcpy(old_channel.padding, chops->padding, sizeof(chops->padding));
return ioctl(fd, LTTNG_KERNEL_OLD_METADATA, &old_channel);
}
return ioctl(fd, LTTNG_KERNEL_OLD_METADATA, &old_channel);
}
old_channel.switch_timer_interval = chops->switch_timer_interval;
old_channel.read_timer_interval = chops->read_timer_interval;
old_channel.output = chops->output;
old_channel.switch_timer_interval = chops->switch_timer_interval;
old_channel.read_timer_interval = chops->read_timer_interval;
old_channel.output = chops->output;
- memcpy(old_channel.padding, chops->padding, sizeof(old_channel.padding));
+
+ memset(old_channel.padding, 0, sizeof(old_channel.padding));
+ /*
+ * The new channel padding is smaller than the old ABI so we use the
+ * new ABI padding size for the memcpy.
+ */
+ memcpy(old_channel.padding, chops->padding, sizeof(chops->padding));
return ioctl(fd, LTTNG_KERNEL_OLD_CHANNEL, &old_channel);
}
return ioctl(fd, LTTNG_KERNEL_OLD_CHANNEL, &old_channel);
}
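Review bot: The new `memcpy(old_channel.padding, chops->padding, sizeof(chops->padding));` is only safe while the new-ABI padding is no larger than the old-ABI padding, and nothing but the comment above it enforces that; this applies to both the LTTNG_KERNEL_OLD_METADATA and the LTTNG_KERNEL_OLD_CHANNEL paths. If the new struct's padding ever grows, the out-of-bounds read this commit fixes turns into a write past `old_channel.padding` on the stack. A compile-time check next to each copy would pin the assumption, e.g. `_Static_assert(sizeof(chops->padding) <= sizeof(old_channel.padding), "old ABI padding too small");`, or the project's own build-time assert if the code does not target C11. Both functions begin outside the visible hunks, so whether the rest of `old_channel` is initialised before the ioctl cannot be confirmed from here.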