Avoid potential buffer overflow in make_filename()

[fio.git] / init.c

diff --git a/init.c b/init.c
index d3dec0a17ebe91d52540cd196f26fb1592a6c9b3..a0d4f8c797f092378ec80a067c0aa1afed15e416 100644 (file)
--- a/init.c
+++ b/init.c
@@ -1036,8 +1036,14 @@ static char *make_filename(char *buf, size_t buf_size,struct thread_options *o,
                                ret = snprintf(dst, dst_left, "%s", jobname);
                                if (ret < 0)
                                        break;
-                               dst += ret;
-                               dst_left -= ret;
+                               else if (ret > dst_left) {
+                                       log_err("fio: truncated filename\n");
+                                       dst += dst_left;
+                                       dst_left = 0;
+                               } else {
+                                       dst += ret;
+                                       dst_left -= ret;
+                               }
                                break;
                                }
                        case FPRE_JOBNUM: {
@@ -1046,8 +1052,14 @@ static char *make_filename(char *buf, size_t buf_size,struct thread_options *o,
                                ret = snprintf(dst, dst_left, "%d", jobnum);
                                if (ret < 0)
                                        break;
-                               dst += ret;
-                               dst_left -= ret;
+                               else if (ret > dst_left) {
+                                       log_err("fio: truncated filename\n");
+                                       dst += dst_left;
+                                       dst_left = 0;
+                               } else {
+                                       dst += ret;
+                                       dst_left -= ret;
+                               }
                                break;
                                }
                        case FPRE_FILENUM: {
@@ -1056,8 +1068,14 @@ static char *make_filename(char *buf, size_t buf_size,struct thread_options *o,
                                ret = snprintf(dst, dst_left, "%d", filenum);
                                if (ret < 0)
                                        break;
-                               dst += ret;
-                               dst_left -= ret;
+                               else if (ret > dst_left) {
+                                       log_err("fio: truncated filename\n");
+                                       dst += dst_left;
+                                       dst_left = 0;
+                               } else {
+                                       dst += ret;
+                                       dst_left -= ret;
+                               }
                                break;
                                }
                        default:
@@ -2238,7 +2256,7 @@ int parse_cmd_line(int argc, char *argv[], int client_type)
                case 'T':
                        did_arg = 1;
                        do_exit++;
-                       exit_val = fio_monotonic_clocktest();
+                       exit_val = fio_monotonic_clocktest(1);
                        break;
                case 'G':
                        did_arg = 1;