| Message ID | 20230110-vv-coverity-fixes-v1-3-c7ee6c76b200@intel.com |
|---|---|
| State | Accepted |
| Commit | dc4b8d7b0bac767ac9c8e07a59dfc6ce16fdb937 |
| Headers | show |
| Series | cxl: misc coverity and typo fixes | expand |
On Tue, Jan 10, 2023 at 04:09:16PM -0700, Vishal Verma wrote: > Static analysis reports that when 'csv' is allocated for 'len' bytes, > writing to csv[len] results in an out of bounds access. Fix this > truncation operation to instead write the NUL terminator to csv[len - > 1], which is the last byte of the memory allocated. > > Fixes: 3d6cd829ec08 ("cxl/region: Use cxl_filter_walk() to gather create-region targets") > Cc: Dan Williams <dan.j.williams@intel.com> > Signed-off-by: Vishal Verma <vishal.l.verma@intel.com> Reviewed-by: Alison Schofield <alison.schofield@intel.com> > --- > cxl/region.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/cxl/region.c b/cxl/region.c > index 9a81113..89be9b5 100644 > --- a/cxl/region.c > +++ b/cxl/region.c > @@ -156,7 +156,7 @@ static const char *to_csv(int *count, const char **strings) > cursor += snprintf(csv + cursor, len - cursor, "%s%s", > arg, i + 1 < new_count ? "," : ""); > if (cursor >= len) { > - csv[len] = 0; > + csv[len - 1] = 0; > break; > } > } > > -- > 2.39.0 >
diff --git a/cxl/region.c b/cxl/region.c index 9a81113..89be9b5 100644 --- a/cxl/region.c +++ b/cxl/region.c @@ -156,7 +156,7 @@ static const char *to_csv(int *count, const char **strings) cursor += snprintf(csv + cursor, len - cursor, "%s%s", arg, i + 1 < new_count ? "," : ""); if (cursor >= len) { - csv[len] = 0; + csv[len - 1] = 0; break; } }
Static analysis reports that when 'csv' is allocated for 'len' bytes, writing to csv[len] results in an out of bounds access. Fix this truncation operation to instead write the NUL terminator to csv[len - 1], which is the last byte of the memory allocated. Fixes: 3d6cd829ec08 ("cxl/region: Use cxl_filter_walk() to gather create-region targets") Cc: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Vishal Verma <vishal.l.verma@intel.com> --- cxl/region.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)