author | Bart Van Assche <bvanassche@acm.org> | 2020-05-23 20:39:47 -0700 |
---|---|---|
committer | Bart Van Assche <bvanassche@acm.org> | 2020-05-23 20:46:42 -0700 |
commit | 969b9fbbf4fadbe48eb4d9fea071837d2d3eeb11 (patch) | |
tree | 8d89252d657dc2608d96f8a6e3ff5bf6832a9cbc /lib | |
parent | 26f14c3162309115c87ed49fd4082e8cc27545d6 (diff) | |
Do not read past the end of fmt_desc[]
Callers of parse_format() pass a size in bytes while the parse_format()
function itself expects a number of elements. Fix this by making the
fmt_desc[] array NULL-terminated. This patch fixes the following Coverity
complaint:
CID 300986 (#1 of 1): Out-of-bounds access (OVERRUN)
overrun-buffer-arg: Overrunning array fmt_desc of 1 24-byte elements by
passing it to a function which accesses it at element index 23 (byte
offset 575) using argument 24U.
Cc: Roman Pen <r.peniaev@gmail.com>
Fixes: 634bd210c17a ("lib/pattern: add set of functions to parse combined pattern input")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pattern.c | 11 | ||||
-rw-r--r-- | lib/pattern.h | 1 |
2 files changed, 3 insertions, 9 deletions
diff --git a/lib/pattern.c b/lib/pattern.c index 04d30657..680a12be 100644 --- a/lib/pattern.c +++ b/lib/pattern.c @@ -205,7 +205,6 @@ static const char *parse_number(const char *beg, char *out, * @parsed - number of bytes which were already parsed so far * @out_len - length of the output buffer * @fmt_desc - format descriptor array, what we expect to find - * @fmt_desc_sz - size of the format descriptor array * @fmt - format array, the output * @fmt_sz - size of format array * @@ -223,19 +222,18 @@ static const char *parse_number(const char *beg, char *out, static const char *parse_format(const char *in, char *out, unsigned int parsed, unsigned int out_len, unsigned int *filled, const struct pattern_fmt_desc *fmt_desc, - unsigned int fmt_desc_sz, struct pattern_fmt *fmt, unsigned int fmt_sz) { int i; struct pattern_fmt *f = NULL; unsigned int len = 0; - if (!out_len || !fmt_desc || !fmt_desc_sz || !fmt || !fmt_sz) + if (!out_len || !fmt_desc || !fmt || !fmt_sz) return NULL; assert(*in == '%'); - for (i = 0; i < fmt_desc_sz; i++) { + for (i = 0; fmt_desc[i].fmt; i++) { const struct pattern_fmt_desc *desc; desc = &fmt_desc[i]; @@ -267,7 +265,6 @@ static const char *parse_format(const char *in, char *out, unsigned int parsed, * @out - output buffer where parsed result will be put * @out_len - lengths of the output buffer * @fmt_desc - array of pattern format descriptors [input] - * @fmt_desc_sz - size of the format descriptor array * @fmt - array of pattern formats [output] * @fmt_sz - pointer where the size of pattern formats array stored [input], * after successfull parsing this pointer will contain the number @@ -311,7 +308,6 @@ static const char *parse_format(const char *in, char *out, unsigned int parsed, int parse_and_fill_pattern(const char *in, unsigned int in_len, char *out, unsigned int out_len, const struct pattern_fmt_desc *fmt_desc, - unsigned int fmt_desc_sz, struct pattern_fmt *fmt, unsigned int *fmt_sz_out) { 
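Review bot: The new loop condition `fmt_desc[i].fmt` in parse_format() has no upper bound, so memory safety now rests entirely on every caller's array ending with an entry whose `fmt` is NULL, and nothing in the new code states that contract. The doc comments above parse_format() and parse_and_fill_pattern() (the first and third hunks) only lose the `@fmt_desc_sz` line; they should also state the requirement, e.g. ` * @fmt_desc - format descriptor array, terminated by an entry with fmt == NULL`, and the prototype in lib/pattern.h deserves the same one-line comment. The descriptor arrays themselves are defined outside the files shown here (the diffstat is limited to lib), so whether each one carries the terminator cannot be checked from this page. An unterminated array would bring back the overrun Coverity reported, this time with no length argument to stop the walk. The body of parse_format() continues past the end of the hunk.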
@@ -340,8 +336,7 @@ int parse_and_fill_pattern(const char *in, unsigned int in_len, break; case '%': end = parse_format(beg, out, out - out_beg, out_len, - &filled, fmt_desc, fmt_desc_sz, - fmt, fmt_rem); + &filled, fmt_desc, fmt, fmt_rem); parsed_fmt = 1; break; default: diff --git a/lib/pattern.h b/lib/pattern.h index 2d655ad0..a6d9d6b4 100644 --- a/lib/pattern.h +++ b/lib/pattern.h @@ -24,7 +24,6 @@ struct pattern_fmt { int parse_and_fill_pattern(const char *in, unsigned int in_len, char *out, unsigned int out_len, const struct pattern_fmt_desc *fmt_desc, - unsigned int fmt_desc_sz, struct pattern_fmt *fmt, unsigned int *fmt_sz_out); |