Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit fe353178 authored by Thomas Jarosch's avatar Thomas Jarosch Committed by Pekka Enberg
Browse files

tools, slub: Fix off-by-one buffer corruption after readlink() call 



readlink() never zero terminates the provided buffer.
Therefore we already do

    buffer[count] = 0;

This leads to an off-by-one buffer corruption as readlink()
might return the full size of the buffer.

The common technique is to reduce the buffer size by one.
Another fix would be to check

  if (count < 0 || count == sizeof(buffer))
      fatal();

Reducing the buffer size by one is easier IMHO.

Signed-off-by: default avatarThomas Jarosch <thomas.jarosch@intra2net.com>
Acked-by: default avatarDavid Rientjes <rientjes@google.com>
Acked-by: default avatarChristoph Lameter <cl@gentwo.org>
Signed-off-by: default avatarPekka Enberg <penberg@kernel.org>
parent ab067e99
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment