Overview

File xen.3a633c261426f06627d88bf7feca6ff87f692f16.patch of Package xen

From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Thu, 5 Apr 2018 03:50:51 +0200
Subject: 3a633c261426f06627d88bf7feca6ff87f692f16
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

tools/blktap2: fix hypothetical buffer overflow

gcc-8 complains:

    vhd-util-read.c: In function 'vhd_util_read':
    vhd-util-read.c:50:24: error: '%lu' directive output may be truncated writing between 1 and 20 bytes into a region of size 15 [-Werror=format-truncation=]
      snprintf(nbuf, nsize, "%" PRIu64, num);
                            ^~~
    vhd-util-read.c:50:25: note: format string is defined here
      snprintf(nbuf, nsize, "%" PRIu64, num);
    vhd-util-read.c:50:24: note: directive argument in the range [0, 18446744073709551614]
      snprintf(nbuf, nsize, "%" PRIu64, num);
                            ^~~
    vhd-util-read.c:50:2: note: 'snprintf' output between 2 and 21 bytes into a destination of size 15
      snprintf(nbuf, nsize, "%" PRIu64, num);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    vhd-util-read.c:43:24: error: '%#lx' directive output may be truncated writing between 1 and 18 bytes into a region of size 15 [-Werror=format-truncation=]
      snprintf(nbuf, nsize, "%#" PRIx64 , num);
                            ^~~~
    vhd-util-read.c:43:25: note: format string is defined here
      snprintf(nbuf, nsize, "%#" PRIx64 , num);
    vhd-util-read.c:43:24: note: directive argument in the range [0, 18446744073709551614]
      snprintf(nbuf, nsize, "%#" PRIx64 , num);
                            ^~~~
    vhd-util-read.c:43:2: note: 'snprintf' output between 2 and 19 bytes into a destination of size 15
      snprintf(nbuf, nsize, "%#" PRIx64 , num);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make the buffer larger.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Release-Acked-by: Juergen Gross <jgross@suse.com>
---
 tools/blktap2/vhd/lib/vhd-util-read.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/blktap2/vhd/lib/vhd-util-read.c
+++ b/tools/blktap2/vhd/lib/vhd-util-read.c
@@ -25,25 +25,25 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <stdio.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <inttypes.h>
 
 #include "libvhd.h"
 #include "vhd-util.h"
 
-#define nsize     15
+#define nsize     24
 static char nbuf[nsize];
 
 static inline char *
 __xconv(uint64_t num)
 {
 	snprintf(nbuf, nsize, "%#" PRIx64 , num);
 	return nbuf;
 }
 
 static inline char *
 __dconv(uint64_t num)
 {
openSUSE Build Service is sponsored by
Places