git.baikalelectronics.ru Git - kernel.git/commit
tools, slub: Fix off-by-one buffer corruption after readlink() call
author Thomas Jarosch <thomas.jarosch@intra2net.com>
Mon, 17 Oct 2011 14:48:10 +0000 (16:48 +0200)
committer Pekka Enberg <penberg@kernel.org>
Tue, 18 Oct 2011 16:57:59 +0000 (19:57 +0300)
commit 06c14abbdae87de5b9dd0f5ac6dbba1511e57bff
tree 49c4d36e9f3929df1f561033722cbf72c65fee96
parent e749905dc98e4fb76ae8d4b696986c71495d490f

readlink() never zero terminates the provided buffer.
Therefore we already do

    buffer[count] = 0;

This leads to an off-by-one buffer corruption as readlink()
might return the full size of the buffer.

The common technique is to reduce the buffer size by one.
Another fix would be to check

  if (count < 0 || count == sizeof(buffer))
      fatal();

Reducing the buffer size by one is easier IMHO.

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Christoph Lameter <cl@gentwo.org>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
tools/slub/slabinfo.c
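
The pattern the commit message describes, as an added example (not the code from tools/slub/slabinfo.c): a bounded readlink() wrapper that passes the buffer size minus one and also rejects a completely filled read, since readlink() truncates silently. The helper names, the /tmp path and the 8-byte symlink target are assumptions constructed for the demo.

```c
#define _XOPEN_SOURCE 700   /* readlink(), symlink(), mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical helper: read a symlink target into buf as a C string.
 * Returns the length, -1 on error, -2 if the target may be truncated. */
ssize_t read_link_str(const char *path, char *buf, size_t bufsize)
{
    ssize_t count;

    if (bufsize < 2)
        return -1;
    /* Ask for bufsize - 1 bytes so buf[count] is always in bounds. */
    count = readlink(path, buf, bufsize - 1);
    if (count < 0)
        return -1;
    buf[count] = '\0';
    /* readlink() truncates silently; a completely filled read is ambiguous. */
    if ((size_t)count == bufsize - 1)
        return -2;
    return count;
}

/* Constructed demo: symlink with an 8-byte target, canary after the buffer. */
ssize_t demo(size_t bufsize)
{
    char dir[] = "/tmp/rlXXXXXX", lnk[64];
    char *buf = malloc(bufsize + 1);
    ssize_t r;

    if (!buf || !mkdtemp(dir)) { free(buf); return -1; }
    snprintf(lnk, sizeof(lnk), "%s/l", dir);
    if (symlink("12345678", lnk) != 0) { rmdir(dir); free(buf); return -1; }
    buf[bufsize] = 0x5A;
    r = read_link_str(lnk, buf, bufsize);
    if (buf[bufsize] != 0x5A)
        r = -3;               /* terminator landed past the buffer */
    unlink(lnk);
    rmdir(dir);
    free(buf);
    return r;
}

int main(void)
{
    printf("%zd %zd %zd\n", demo(16), demo(9), demo(8));
    return 0;
}
```

A 9-byte buffer would hold the 8-byte target plus its terminator, but the wrapper still reports -2 because a full read cannot be told apart from a truncated one.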