[ndctl,3/4] cxl/region: fix an out of bounds access in to_csv()

Message ID 20230110-vv-coverity-fixes-v1-3-c7ee6c76b200@intel.com
State Accepted
Commit dc4b8d7b0bac767ac9c8e07a59dfc6ce16fdb937
Series cxl: misc coverity and typo fixes

Commit Message

Verma, Vishal L Jan. 10, 2023, 11:09 p.m. UTC
Static analysis reports that when 'csv' is allocated for 'len' bytes,
writing to csv[len] results in an out of bounds access. Fix this
truncation operation to instead write the NUL terminator to csv[len -
1], which is the last byte of the memory allocated.

Fixes: 3d6cd829ec08 ("cxl/region: Use cxl_filter_walk() to gather create-region targets")
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
---
 cxl/region.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Alison Schofield Jan. 11, 2023, 10:53 p.m. UTC | #1
On Tue, Jan 10, 2023 at 04:09:16PM -0700, Vishal Verma wrote:
> Static analysis reports that when 'csv' is allocated for 'len' bytes,
> writing to csv[len] results in an out of bounds access. Fix this
> truncation operation to instead write the NUL terminator to csv[len -
> 1], which is the last byte of the memory allocated.
> 
> Fixes: 3d6cd829ec08 ("cxl/region: Use cxl_filter_walk() to gather create-region targets")
> Cc: Dan Williams <dan.j.williams@intel.com>
> Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>

Reviewed-by: Alison Schofield <alison.schofield@intel.com>


> ---
>  cxl/region.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/cxl/region.c b/cxl/region.c
> index 9a81113..89be9b5 100644
> --- a/cxl/region.c
> +++ b/cxl/region.c
> @@ -156,7 +156,7 @@ static const char *to_csv(int *count, const char **strings)
>  			cursor += snprintf(csv + cursor, len - cursor, "%s%s",
>  					   arg, i + 1 < new_count ? "," : "");
>  			if (cursor >= len) {
> -				csv[len] = 0;
> +				csv[len - 1] = 0;
>  				break;
>  			}
>  		}
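Review bot: the truncation branch under 'if (cursor >= len)' terminates the buffer and breaks out of the loop, but nothing in these lines tells the caller that the list was cut short. A truncated CSV can silently clip or drop an entry, so consider treating this case as an error (for example logging which argument did not fit and failing the call) unless the code after the loop already reports it.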
> 
> -- 
> 2.39.0
>

Patch

diff --git a/cxl/region.c b/cxl/region.c
index 9a81113..89be9b5 100644
--- a/cxl/region.c
+++ b/cxl/region.c
@@ -156,7 +156,7 @@  static const char *to_csv(int *count, const char **strings)
 			cursor += snprintf(csv + cursor, len - cursor, "%s%s",
 					   arg, i + 1 < new_count ? "," : "");
 			if (cursor >= len) {
-				csv[len] = 0;
+				csv[len - 1] = 0;
 				break;
 			}
 		}
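Review bot: on the changed line, the store to 'csv[len - 1]' is in bounds but duplicates work snprintf() has already done. When called with a non-zero size of 'len - cursor', snprintf() never writes past 'csv[len - 1]' and always terminates its output, so on truncation that byte is already NUL. Keeping the line as a defensive measure is fine, though a short comment saying so would help the next reader. It is also worth confirming that a negative return from snprintf() cannot be added to 'cursor', since the return value is accumulated before it is checked.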