'[LTP] [PATCH] Fix potential overflows in sched_tc4 and sched_driver'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ltp-list
Subject:    [LTP] [PATCH] Fix potential overflows in sched_tc4 and sched_driver
From:       Daniel Gollub <dgollub () suse ! de>
Date:       2008-10-22 21:40:03
Message-ID: 200810222340.03981.dgollub () suse ! de
[Download RAW message or body]

Hi,

please find attached a fix for potential overflows in sched_tc4 and sched_driver.

sched_tc4:
  RAWDEV could be much large then 16 chars - e.g. /dev/cciss/c0d0p6 (18)
  (only use of RAWDEV in entire sched_stress module)

sched_driver:
  pathname could be much large then 50 - increased to PATH_MAX.

Problem observed and original fixed by Yi Xu.
Patch got slightly cleaned-up/modified.

Reviewed-by: Daniel Gollub <dgollub@suse.de>
Signed-off-by: Daniel Gollub <dgollub@suse.de>

---
 testcases/kernel/sched/sched_stress/sched_driver.c |    3 ++-
 testcases/kernel/sched/sched_stress/sched_tc4.c    |    8 +++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

Index: testcases/kernel/sched/sched_stress/sched_driver.c
===================================================================
--- testcases/kernel/sched/sched_stress/sched_driver.c.orig
+++ testcases/kernel/sched/sched_stress/sched_driver.c
@@ -69,6 +69,7 @@
 #include <signal.h>
 #include <pwd.h>
 #include <time.h>
+#include <limits.h>
 #include "sched.h"
 
 /*
@@ -421,7 +422,7 @@ char 	*name,     /* filename of testcase
 	*param3;   /* if sched_tc6:  fork flag, 0=false, 1=true */
 float *t2;       /* if sched_tc6:  second time returned from testcase */
 {
-	char	temp[50],	/* holds pathname and returned floating number */
+	char	temp[PATH_MAX],	/* holds pathname and returned floating number */
 		t2asc[50];   	/* holds second returned floating number */
 	int	saved_pid;	/* process id of forked process */
 	FILE	*datafile;	/* file pointer for temporary file */
Index: testcases/kernel/sched/sched_stress/sched_tc4.c
===================================================================
--- testcases/kernel/sched/sched_stress/sched_tc4.c.orig
+++ testcases/kernel/sched/sched_stress/sched_tc4.c
@@ -189,13 +189,11 @@ void read_raw_device()
 	int	i;                         /* loop counter */
 	int	blocks=0;                    /* number of blocks read */
 #ifndef __linux__
-	static char   raw_dev[16] = "/dev/hd2";  /* name of raw device file */
+	char   raw_dev[50] = "/dev/hd2";  /* name of raw device file */
 #else
-	static char   raw_dev[16];		/* name of raw device file  */
+	char   *raw_dev;		/* name of raw device file  */
 
-        if (getenv("RAWDEV"))
-        	sprintf(raw_dev, "%s", getenv("RAWDEV")); 
-        else
+	if ((raw_dev = getenv("RAWDEV")) == NULL)
         {
 	    errno = ENODATA;
 	    sys_error("environment variable RAWDEV not set", __FILE__,__LINE__);

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic