projects
/
fio.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
init: fix potential buffer overrun in make_filename()
[fio.git]
/
init.c
diff --git
a/init.c
b/init.c
index 6324dceefeda87959b7b218328bf5111e72f72f9..7e456b20d3466d8c9b9e83858623833fa1d6ae6d 100644
(file)
--- a/
init.c
+++ b/
init.c
@@
-942,6
+942,7
@@
static char *make_filename(char *buf, struct thread_options *o,
{
struct fpre_keyword *f;
char copy[PATH_MAX];
{
struct fpre_keyword *f;
char copy[PATH_MAX];
+ size_t dst_left = PATH_MAX;
if (!o->filename_format || !strlen(o->filename_format)) {
sprintf(buf, "%s.%d.%d", jobname, jobnum, filenum);
if (!o->filename_format || !strlen(o->filename_format)) {
sprintf(buf, "%s.%d.%d", jobname, jobnum, filenum);
@@
-969,25
+970,47
@@
static char *make_filename(char *buf, struct thread_options *o,
if (pre_len) {
strncpy(dst, buf, pre_len);
dst += pre_len;
if (pre_len) {
strncpy(dst, buf, pre_len);
dst += pre_len;
+ dst_left -= pre_len;
}
switch (f->key) {
}
switch (f->key) {
- case FPRE_JOBNAME:
- dst += sprintf(dst, "%s", jobname);
+ case FPRE_JOBNAME: {
+ int ret;
+
+ ret = snprintf(dst, dst_left, "%s", jobname);
+ if (ret < 0)
+ break;
+ dst += ret;
+ dst_left -= ret;
break;
break;
- case FPRE_JOBNUM:
- dst += sprintf(dst, "%d", jobnum);
+ }
+ case FPRE_JOBNUM: {
+ int ret;
+
+ ret = snprintf(dst, dst_left, "%d", jobnum);
+ if (ret < 0)
+ break;
+ dst += ret;
+ dst_left -= ret;
break;
break;
- case FPRE_FILENUM:
- dst += sprintf(dst, "%d", filenum);
+ }
+ case FPRE_FILENUM: {
+ int ret;
+
+ ret = snprintf(dst, dst_left, "%d", filenum);
+ if (ret < 0)
+ break;
+ dst += ret;
+ dst_left -= ret;
break;
break;
+ }
default:
assert(0);
break;
}
if (post_start)
default:
assert(0);
break;
}
if (post_start)
- str
cpy(dst, buf + post_star
t);
+ str
ncpy(dst, buf + post_start, dst_lef
t);
strcpy(buf, copy);
} while (1);
strcpy(buf, copy);
} while (1);