File xen.b021beb21a977a89b763db7b7df7c362cf8640a8.patch of Package xen

Overview Repositories Revisions Requests Users Attributes Meta

File xen.b021beb21a977a89b763db7b7df7c362cf8640a8.patch of Package xen

From: Ian Campbell <ian.campbell@citrix.com>
Date: Tue, 16 Feb 2016 11:18:20 +0000
Subject: b021beb21a977a89b763db7b7df7c362cf8640a8

tools: libxl: NULL terminate partially constructed hex string

Coverity (correctly) complains that the strncpy(p, "0x", 2) will not
null terminate p.

Although we can see that in the rest of the function p will
definitely be NULL terminated by the time it is complete there is no
harm in passing 3 to the strncpy and allowing it to NULL terminate to
placate Coverity. We know this is safe because the allocation to hold
the string includes a "+3" for the 0x and the terminating NULL.

Compile tested only.

CID: 1198708

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl_utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/libxl/libxl_utils.c
+++ b/tools/libxl/libxl_utils.c
@@ -693,25 +693,25 @@ int libxl_bitmap_count_set(const libxl_bitmap *bitmap)
         nr_set_bits++;
 
     return nr_set_bits;
 }
 
 /* NB. caller is responsible for freeing the memory */
 char *libxl_bitmap_to_hex_string(libxl_ctx *ctx, const libxl_bitmap *bitmap)
 {
     GC_INIT(ctx);
     int i = bitmap->size;
     char *p = libxl__zalloc(NOGC, bitmap->size * 2 + 3);
     char *q = p;
-    strncpy(p, "0x", 2);
+    strncpy(p, "0x", 3);
     p += 2;
     while(--i >= 0) {
         sprintf(p, "%02x", bitmap->map[i]);
         p += 2;
     }
     *p = '\0';
     GC_FREE;
     return q;
 }
 
 int libxl_cpu_bitmap_alloc(libxl_ctx *ctx, libxl_bitmap *cpumap, int max_cpus)
 {

Places

File xen.b021beb21a977a89b763db7b7df7c362cf8640a8.patch of Package xen

Places