[dpdk-dev,v1] metrics: fix potential missing NULL termination
Checks
Commit Message
Fixes a potential memory overrun detected by Coverity.
This overrun cannot currently happen in practice because
rte_metrics_reg_names() explicitly forces the last name
character to be a NULL terminator. This patch adds the
same enforcement to rte_metrics_get_names() in order to
correct the warning.
Coverity issue: 143434
Fixes: 349950ddb9c5 ("metrics: add information metrics library")
Signed-off-by: Remy Horton <remy.horton@intel.com>
---
lib/librte_metrics/rte_metrics.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
Comments
On Tue, Feb 20, 2018 at 02:50:01PM +0000, Remy Horton wrote:
> Fixes a potential memory overrun detected by Coverity.
> This overrun cannot currently happen in practice because
> rte_metrics_reg_names() explicitly forces the last name
> character to be a NULL terminator. This patch adds the
> same enforcement to rte_metrics_get_names() in order to
> correct the warning.
>
> Coverity issue: 143434
> Fixes: 349950ddb9c5 ("metrics: add information metrics library")
>
> Signed-off-by: Remy Horton <remy.horton@intel.com>
> ---
> lib/librte_metrics/rte_metrics.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_metrics/rte_metrics.c b/lib/librte_metrics/rte_metrics.c
> index 556ae1b..958ef3d 100644
> --- a/lib/librte_metrics/rte_metrics.c
> +++ b/lib/librte_metrics/rte_metrics.c
> @@ -214,10 +214,15 @@ rte_metrics_get_names(struct rte_metric_name *names,
> rte_spinlock_unlock(&stats->lock);
> return return_value;
> }
> - for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++)
> + for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++) {
> strncpy(names[idx_name].name,
> stats->metadata[idx_name].name,
> RTE_METRICS_MAX_NAME_LEN);
> + /* Enforce NULL-termination. The source string should already
> + * be NULL-terminated, so this is to quieten lint checks..
> + */
> + names[idx_name].name[RTE_METRICS_MAX_NAME_LEN - 1] = '\0';
> + }
> }
Again, I think the better fix is to replace strncpy with snprintf which
will guarantee the null termination, unlike strncpy which is nasty that
way.
/Bruce
On 20/02/2018 15:11, Bruce Richardson wrote:
[..]
> Again, I think the better fix is to replace strncpy with snprintf which
> will guarantee the null termination, unlike strncpy which is nasty that
> way.
OK, v2 on way..
@@ -214,10 +214,15 @@ rte_metrics_get_names(struct rte_metric_name *names,
rte_spinlock_unlock(&stats->lock);
return return_value;
}
- for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++)
+ for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++) {
strncpy(names[idx_name].name,
stats->metadata[idx_name].name,
RTE_METRICS_MAX_NAME_LEN);
+ /* Enforce NULL-termination. The source string should already
+ * be NULL-terminated, so this is to quieten lint checks..
+ */
+ names[idx_name].name[RTE_METRICS_MAX_NAME_LEN - 1] = '\0';
+ }
}
return_value = stats->cnt_stats;
rte_spinlock_unlock(&stats->lock);