summaryrefslogtreecommitdiff
path: root/options.c
diff options
context:
space:
mode:
authorBart Van Assche <bvanassche@acm.org>2020-05-23 20:39:47 -0700
committerBart Van Assche <bvanassche@acm.org>2020-05-23 20:46:42 -0700
commit969b9fbbf4fadbe48eb4d9fea071837d2d3eeb11 (patch)
tree8d89252d657dc2608d96f8a6e3ff5bf6832a9cbc /options.c
parent26f14c3162309115c87ed49fd4082e8cc27545d6 (diff)
downloadfio-969b9fbbf4fadbe48eb4d9fea071837d2d3eeb11.tar.gz
fio-969b9fbbf4fadbe48eb4d9fea071837d2d3eeb11.tar.bz2
Do not read past the end of fmt_desc[]
Callers of parse_format() pass a size in bytes while the parse_format() function itself expects a number of elements. Fix this by making the fmt_desc[] array NULL-terminated. This patch fixes the following Coverity complaint: CID 300986 (#1 of 1): Out-of-bounds access (OVERRUN) overrun-buffer-arg: Overrunning array fmt_desc of 1 24-byte elements by passing it to a function which accesses it at element index 23 (byte offset 575) using argument 24U. Cc: Roman Pen <r.peniaev@gmail.com> Fixes: 634bd210c17a ("lib/pattern: add set of functions to parse combined pattern input") Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Diffstat (limited to 'options.c')
-rw-r--r--options.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/options.c b/options.c
index bb450fff..85a0f490 100644
--- a/options.c
+++ b/options.c
@@ -24,7 +24,8 @@ static const struct pattern_fmt_desc fmt_desc[] = {
.fmt = "%o",
.len = FIELD_SIZE(struct io_u *, offset),
.paste = paste_blockoff
- }
+ },
+ { }
};
/*
@@ -1339,7 +1340,7 @@ static int str_buffer_pattern_cb(void *data, const char *input)
/* FIXME: for now buffer pattern does not support formats */
ret = parse_and_fill_pattern(input, strlen(input), td->o.buffer_pattern,
- MAX_PATTERN_SIZE, NULL, 0, NULL, NULL);
+ MAX_PATTERN_SIZE, NULL, NULL, NULL);
if (ret < 0)
return 1;
@@ -1388,7 +1389,7 @@ static int str_verify_pattern_cb(void *data, const char *input)
td->o.verify_fmt_sz = ARRAY_SIZE(td->o.verify_fmt);
ret = parse_and_fill_pattern(input, strlen(input), td->o.verify_pattern,
- MAX_PATTERN_SIZE, fmt_desc, sizeof(fmt_desc),
+ MAX_PATTERN_SIZE, fmt_desc,
td->o.verify_fmt, &td->o.verify_fmt_sz);
if (ret < 0)
return 1;