From dec7d7d8b1a42a927c497f120833166166d9c7f3 Mon Sep 17 00:00:00 2001
From: Corentin Chary <corentincj@iksaif.net>
Date: Sat, 9 May 2009 11:41:07 +0200
Subject: libubi: fix multiple memory corruptions

The memset is obviously wrong, and valgrind tells
use there are some uninitialised bytes used after read()

Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
---
 ubi-utils/src/libubi.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'ubi-utils/src')

diff --git a/ubi-utils/src/libubi.c b/ubi-utils/src/libubi.c
index 158b919..6f9228e 100644
--- a/ubi-utils/src/libubi.c
+++ b/ubi-utils/src/libubi.c
@@ -82,16 +82,17 @@ static int read_positive_ll(const char *file, long long *value)
 	if (fd == -1)
 		return -1;
 
-	rd = read(fd, buf, 50);
+	rd = read(fd, buf, sizeof(buf));
 	if (rd == -1) {
 		sys_errmsg("cannot read \"%s\"", file);
 		goto out_error;
 	}
-	if (rd == 50) {
+	if (rd == sizeof(buf)) {
 		errmsg("contents of \"%s\" is too long", file);
 		errno = EINVAL;
 		goto out_error;
 	}
+	buf[rd] = '\0';
 
 	if (sscanf(buf, "%lld\n", value) != 1) {
 		errmsg("cannot read integer from \"%s\"\n", file);
@@ -165,6 +166,7 @@ static int read_data(const char *file, void *buf, int buf_len)
 		sys_errmsg("cannot read \"%s\"", file);
 		goto out_error;
 	}
+	((char *)buf)[rd] = '\0';
 
 	/* Make sure all data is read */
 	tmp1 = read(fd, &tmp, 1);
@@ -1243,7 +1245,7 @@ int ubi_set_property(int fd, uint8_t property, uint64_t value)
 {
 	struct ubi_set_prop_req r;
 
-	memset(&r, sizeof(struct ubi_set_prop_req), '\0');
+	memset(&r, 0, sizeof(struct ubi_set_prop_req));
 	r.property = property;
 	r.value = value;
 
-- 
cgit v1.2.3