mainnika
/
weston
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backlight: Avoid buffer overflow in the use of readlink

Browse Source 
readlink() returns the number of bytes that it has written excluding any NUL
byte (since it does not write that itself.) This could lead to attempting to
access beyond the end of buffer if the destination of the link is exactly 100
bytes long. The standard solution to this is to subtract one from the buffer
when passing it into readlink().

Signed-off-by: Rob Bradford <rob@linux.intel.com>
Rob Bradford 12 years ago committed by Kristian Høgsberg
parent ec913fdfde
commit 273fec8ede
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      src/libbacklight.c

4
src/libbacklight.c
Unescape View File

@ -166,7 +166,7 @@ struct backlight *backlight_init(struct udev_device *drm_device,
if (asprintf(&path, "%s/%s", syspath, "device") < 0) if (asprintf(&path, "%s/%s", syspath, "device") < 0)
return NULL; return NULL;
ret = readlink(path, buffer, sizeof(buffer)); ret = readlink(path, buffer, sizeof(buffer) - 1);
free(path); free(path);
if (ret < 0) if (ret < 0)
return NULL; return NULL;
@ -248,7 +248,7 @@ struct backlight *backlight_init(struct udev_device *drm_device,
if (asprintf(&path, "%s/%s", backlight_path, "device") < 0) if (asprintf(&path, "%s/%s", backlight_path, "device") < 0)
return NULL; return NULL;
ret = readlink(path, buffer, sizeof(buffer)); ret = readlink(path, buffer, sizeof(buffer) - 1);
if (ret < 0) if (ret < 0)
goto out; goto out;

Write Preview
Loading…
Cancel
Save