summaryrefslogtreecommitdiff
path: root/ubi-utils
diff options
context:
space:
mode:
authorCorentin Chary <corentincj@iksaif.net>2009-05-09 11:41:07 +0200
committerArtem Bityutskiy <Artem.Bityutskiy@nokia.com>2009-05-11 18:30:30 +0300
commitdec7d7d8b1a42a927c497f120833166166d9c7f3 (patch)
treea18d9bade2d31856ddc17097c4a4dac4fb1ab804 /ubi-utils
parent999757f7e892375b1a8dfe8b0ccb3a139d8c7f71 (diff)
libubi: fix multiple memory corruptions
The memset is obviously wrong, and valgrind tells use there are some uninitialised bytes used after read() Signed-off-by: Corentin Chary <corentincj@iksaif.net> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Diffstat (limited to 'ubi-utils')
-rw-r--r--ubi-utils/src/libubi.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/ubi-utils/src/libubi.c b/ubi-utils/src/libubi.c
index 158b919..6f9228e 100644
--- a/ubi-utils/src/libubi.c
+++ b/ubi-utils/src/libubi.c
@@ -82,16 +82,17 @@ static int read_positive_ll(const char *file, long long *value)
if (fd == -1)
return -1;
- rd = read(fd, buf, 50);
+ rd = read(fd, buf, sizeof(buf));
if (rd == -1) {
sys_errmsg("cannot read \"%s\"", file);
goto out_error;
}
- if (rd == 50) {
+ if (rd == sizeof(buf)) {
errmsg("contents of \"%s\" is too long", file);
errno = EINVAL;
goto out_error;
}
+ buf[rd] = '\0';
if (sscanf(buf, "%lld\n", value) != 1) {
errmsg("cannot read integer from \"%s\"\n", file);
@@ -165,6 +166,7 @@ static int read_data(const char *file, void *buf, int buf_len)
sys_errmsg("cannot read \"%s\"", file);
goto out_error;
}
+ ((char *)buf)[rd] = '\0';
/* Make sure all data is read */
tmp1 = read(fd, &tmp, 1);
@@ -1243,7 +1245,7 @@ int ubi_set_property(int fd, uint8_t property, uint64_t value)
{
struct ubi_set_prop_req r;
- memset(&r, sizeof(struct ubi_set_prop_req), '\0');
+ memset(&r, 0, sizeof(struct ubi_set_prop_req));
r.property = property;
r.value = value;