| Message ID | 20190125102043.19715-1-tstoyanov@vmware.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | trace-cmd: Fix a buffer overrun | expand |
diff --git a/lib/traceevent/event-parse.c b/lib/traceevent/event-parse.c index 6f7f4be..3f85b94 100644 --- a/lib/traceevent/event-parse.c +++ b/lib/traceevent/event-parse.c @@ -2457,7 +2457,7 @@ static int arg_num_eval(struct tep_print_arg *arg, long long *val) static char *arg_eval (struct tep_print_arg *arg) { long long val; - static char buf[20]; + static char buf[21]; switch (arg->type) { case TEP_PRINT_ATOM: @@ -2467,7 +2467,7 @@ static char *arg_eval (struct tep_print_arg *arg) case TEP_PRINT_OP: if (!arg_num_eval(arg, &val)) break; - sprintf(buf, "%lld", val); + snprintf(buf, 21, "%lld", val); return buf; case TEP_PRINT_NULL:
Fix a buffer overrun in arg_eval() function in traceevent library. The min value of long long is -9223372036854775808, it needs at least 21 bytes to be printed as a string. Reported-by: Michael Sartain <mikesart@fastmail.com> Signed-off-by: Tzvetomir Stoyanov <tstoyanov@vmware.com> --- lib/traceevent/event-parse.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)