[Crash-utility] [PATCH 2/2] tools: fix potential source and destination overlap with strcpy()
HAGIO KAZUHITO(萩尾 一仁)
k-hagio-ab at nec.com
Fri Jan 22 09:51:47 UTC 2021
-----Original Message-----
> valgrind detects the following error:
>
> ==14603== Source and destination overlap in strcpy(0x1ffefffe42, 0x1ffefffe44)
> ==14603== at 0x483CD70: strcpy (vg_replace_strmem.c:511)
> ==14603== by 0x477813: pages_to_size (tools.c:6393)
> ==14603== by 0x4F292E: display_sys_stats (kernel.c:5629)
> ==14603== by 0x464BC7: main_loop (main.c:797)
> ==14603== by 0x6BE352: captured_command_loop (main.c:258)
> ==14603== by 0x6BC959: catch_errors (exceptions.c:557)
> ==14603== by 0x6BF3D5: captured_main (main.c:1064)
> ==14603== by 0x6BC959: catch_errors (exceptions.c:557)
> ==14603== by 0x6BF686: gdb_main (main.c:1079)
> ==14603== by 0x6BF686: gdb_main_entry (main.c:1099)
> ==14603== by 0x46316F: main (main.c:708)
> ==14603==
>
> pages_to_size() removes ".0 " if it is contained in the created string
> by overwriting them using strcpy() with the following "MB\0" or
> "GB\0". However, strcpy() doesn't accept such overlapping source and
> destination and thus use of strcpy() in this case is illegal.
>
> Let's fix this by re-implementing the logic by memmove() where
> destination and source strings may overlap.
>
> Signed-off-by: HATAYAMA Daisuke <d.hatayama at fujitsu.com>
I thought ".0 " does not need to be removed, but ok we are used to it..
Acked-by: Kazuhito Hagio <k-hagio-ab at nec.com>
Merged these two patches:
https://github.com/crash-utility/crash/commits/3972c86695954d446a6301282a21acc8e6967ea2
Thanks,
Kazu
> ---
> tools.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/tools.c b/tools.c
> index 89352b1..71bac6d 100644
> --- a/tools.c
> +++ b/tools.c
> @@ -6371,7 +6371,7 @@ char *
> pages_to_size(ulong pages, char *buf)
> {
> double total;
> - char *p1, *p2;
> + char *p;
>
> if (pages == 0) {
> sprintf(buf, "0");
> @@ -6387,11 +6387,8 @@ pages_to_size(ulong pages, char *buf)
> else
> sprintf(buf, "%ld KB", (ulong)(total/(double)KILOBYTES(1)));
>
> - if ((p1 = strstr(buf, ".0 "))) {
> - p2 = p1 + 3;
> - *p1++ = ' ';
> - strcpy(p1, p2);
> - }
> + if ((p = strstr(buf, ".0 ")))
> + memmove(p, p + 2, sizeof(" GB"));
>
> return buf;
> }
> --
> 2.29.2
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
More information about the Crash-utility
mailing list