diff options
author | Corentin Chary <corentincj@iksaif.net> | 2009-05-09 11:41:07 +0200 |
---|---|---|
committer | Artem Bityutskiy <Artem.Bityutskiy@nokia.com> | 2009-05-11 18:30:30 +0300 |
commit | dec7d7d8b1a42a927c497f120833166166d9c7f3 (patch) | |
tree | a18d9bade2d31856ddc17097c4a4dac4fb1ab804 /ubi-utils | |
parent | 999757f7e892375b1a8dfe8b0ccb3a139d8c7f71 (diff) |
libubi: fix multiple memory corruptions
The memset is obviously wrong, and valgrind tells
use there are some uninitialised bytes used after read()
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Diffstat (limited to 'ubi-utils')
-rw-r--r-- | ubi-utils/src/libubi.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ubi-utils/src/libubi.c b/ubi-utils/src/libubi.c index 158b919..6f9228e 100644 --- a/ubi-utils/src/libubi.c +++ b/ubi-utils/src/libubi.c @@ -82,16 +82,17 @@ static int read_positive_ll(const char *file, long long *value) if (fd == -1) return -1; - rd = read(fd, buf, 50); + rd = read(fd, buf, sizeof(buf)); if (rd == -1) { sys_errmsg("cannot read \"%s\"", file); goto out_error; } - if (rd == 50) { + if (rd == sizeof(buf)) { errmsg("contents of \"%s\" is too long", file); errno = EINVAL; goto out_error; } + buf[rd] = '\0'; if (sscanf(buf, "%lld\n", value) != 1) { errmsg("cannot read integer from \"%s\"\n", file); @@ -165,6 +166,7 @@ static int read_data(const char *file, void *buf, int buf_len) sys_errmsg("cannot read \"%s\"", file); goto out_error; } + ((char *)buf)[rd] = '\0'; /* Make sure all data is read */ tmp1 = read(fd, &tmp, 1); @@ -1243,7 +1245,7 @@ int ubi_set_property(int fd, uint8_t property, uint64_t value) { struct ubi_set_prop_req r; - memset(&r, sizeof(struct ubi_set_prop_req), '\0'); + memset(&r, 0, sizeof(struct ubi_set_prop_req)); r.property = property; r.value = value; |