
Fix coverity bug ID 9: OVERRUN_STATIC

CID: 9
Checker: OVERRUN_STATIC (help)
File: lib/cfg.c
Function: corosync_cfg_service_unload
Description: Overrun of static array
"&(req_lib_cfg_serviceunload).service_name" of size 1024 bytes by
passing it to a function which indexes it with argument "1023" at byte
position 4088

The main problem here is the way the service_name is defined:
-       char *service_name[256] __attribute__((aligned(8)));
+       char service_name[256] __attribute__((aligned(8)));



git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@1718 fd59a12c-fef9-0310-b244-a6a79926bd2f
Angus Salkeld 17 년 전
부모
커밋
4fb0ae71d1
2개의 변경된 파일4개의 추가작업 그리고 4개의 파일을 삭제
  1. 2 2
      include/corosync/ipc_cfg.h
  2. 2 2
      lib/cfg.c

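--- a/include/corosync/ipc_cfg.h
+++ b/include/corosync/ipc_cfg.h
@@ -128,7 +128,7 @@ struct res_lib_cfg_ringreenable {
 
 struct req_lib_cfg_serviceload {
 	mar_res_header_t header __attribute__((aligned(8)));
-	char *service_name[256] __attribute__((aligned(8)));
+	char service_name[256] __attribute__((aligned(8)));
 	unsigned int service_ver;
 };
 
@@ -138,7 +138,7 @@ struct res_lib_cfg_serviceload {
 
 struct req_lib_cfg_serviceunload {
 	mar_res_header_t header __attribute__((aligned(8)));
-	char *service_name[256] __attribute__((aligned(8)));
+	char service_name[256] __attribute__((aligned(8)));
 	unsigned int service_ver;
 };
 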
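Review bot: `service_name` in `struct req_lib_cfg_serviceload` and `struct req_lib_cfg_serviceunload` is now a fixed 256-byte buffer that travels in an IPC request, but nothing at either declaration states whether it must be NUL-terminated. The senders in lib/cfg.c on this page zero the field and copy at most `sizeof (...) - 1` bytes, so a well-behaved client terminates it. The daemon-side handlers are not shown here, and they presumably should not rely on that for a message built by another process. It is worth confirming that they bound the read or set `service_name[sizeof (service_name) - 1] = '\0'` before treating the field as a string. I would add a comment on both fields such as `/* NUL-terminated name, max 255 bytes; receiver must enforce termination */`. Because the field shrinks from 256 pointers to 256 bytes, `sizeof` of both structs changes, so the library and daemon have to be built from the same header.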

+ 2 - 2
lib/cfg.c

@@ -483,7 +483,7 @@ corosync_cfg_service_load (
 	req_lib_cfg_serviceload.header.id = MESSAGE_REQ_CFG_SERVICELOAD;
 	req_lib_cfg_serviceload.header.id = MESSAGE_REQ_CFG_SERVICELOAD;
 	memset (&req_lib_cfg_serviceload.service_name, 0,
 	memset (&req_lib_cfg_serviceload.service_name, 0,
 		sizeof (req_lib_cfg_serviceload.service_name));
 		sizeof (req_lib_cfg_serviceload.service_name));
-	strncpy ((char *)req_lib_cfg_serviceload.service_name, service_name,
+	strncpy (req_lib_cfg_serviceload.service_name, service_name,
 		sizeof (req_lib_cfg_serviceload.service_name) - 1);
 		sizeof (req_lib_cfg_serviceload.service_name) - 1);
 	req_lib_cfg_serviceload.service_ver = service_ver;
 	req_lib_cfg_serviceload.service_ver = service_ver;
 
 
@@ -521,7 +521,7 @@ corosync_cfg_service_unload (
 	req_lib_cfg_serviceunload.header.id = MESSAGE_REQ_CFG_SERVICEUNLOAD;
 	req_lib_cfg_serviceunload.header.id = MESSAGE_REQ_CFG_SERVICEUNLOAD;
 	memset (&req_lib_cfg_serviceunload.service_name, 0,
 	memset (&req_lib_cfg_serviceunload.service_name, 0,
 		sizeof (req_lib_cfg_serviceunload.service_name));
 		sizeof (req_lib_cfg_serviceunload.service_name));
-	strncpy ((char *)req_lib_cfg_serviceunload.service_name, service_name,
+	strncpy (req_lib_cfg_serviceunload.service_name, service_name,
 		sizeof (req_lib_cfg_serviceunload.service_name) - 1);
 		sizeof (req_lib_cfg_serviceunload.service_name) - 1);
 	req_lib_cfg_serviceunload.service_ver = service_ver;
 	req_lib_cfg_serviceunload.service_ver = service_ver;