[virt-tools-list] [virt-viewer][PATCH 1/2] coverity: Copy into fixed sized buffer

Fabiano Fidêncio fidencio at redhat.com
Mon Aug 17 15:55:29 UTC 2015


Coverity says:
You might overrun the 108 byte fixed-size string "addr.sun_path" by
copying "unixsock" without checking the length.
Note: This defect has an elevated risk because the source argument is a
parameter of the current function.
---
 src/virt-viewer-app.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/virt-viewer-app.c b/src/virt-viewer-app.c
index d762699..f53a6f8 100644
--- a/src/virt-viewer-app.c
+++ b/src/virt-viewer-app.c
@@ -705,6 +705,11 @@ virt_viewer_app_open_unix_sock(const char *unixsock)
     struct sockaddr_un addr;
     int fd;
 
+    if (strlen(unixsock) + 1 > sizeof(addr.sun_path)) {
+        g_warning ("address is too long for unix socket_path: %s", unixsock);
+        return -1;
+    }
+
     memset(&addr, 0, sizeof addr);
     addr.sun_family = AF_UNIX;
     strcpy(addr.sun_path, unixsock);
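
Review bot: The strcpy(addr.sun_path, unixsock) kept in the trailing context is safe only because of the new length check a few lines above it, so the bound lives in a different statement from the copy and can be lost if the two are separated later. Consider replacing it with g_strlcpy(addr.sun_path, unixsock, sizeof(addr.sun_path)), which enforces the limit at the copy site and is also what the static checker looks for. The comparison strlen(unixsock) + 1 > sizeof(addr.sun_path) itself correctly accounts for the terminating NUL. Minor: the warning text "unix socket_path" reads like a leftover identifier; "unix socket path" would be clearer.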
-- 
2.4.3



