[PATCH][next] cpumask: allocate enough space for string and trailing '\0' char

From: Colin King
Date: Mon Nov 09 2020 - 08:36:27 EST

Next message: Marcel Holtmann: "Re: [PATCH v5] bluetooth: hci_h5: fix memory leak in h5_close"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 076/117] 9P: Cast to loff_t before multiplying"
Next in thread: Qian Cai: "Re: [PATCH][next] cpumask: allocate enough space for string and trailing '\0' char"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

Currently the allocation of cpulist is based on the length of buf but does
not include the addition end of string '\0' terminator. Static analysis is
reporting this as a potential out-of-bounds access on cpulist. Fix this by
allocating enough space for the additional '\0' terminator.

Addresses-Coverity: ("Out-of-bounds access")
Fixes: 65987e67f7ff ("cpumask: add "last" alias for cpu list specifications")
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
lib/cpumask.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cpumask.c b/lib/cpumask.c
index 34ecb3005941..cb8a3ef0e73e 100644
--- a/lib/cpumask.c
+++ b/lib/cpumask.c
@@ -185,7 +185,7 @@ int __ref cpulist_parse(const char *buf, struct cpumask *dstp)
{
int r;
char *cpulist, last_cpu[5]; /* NR_CPUS <= 9999 */
- size_t len = strlen(buf);
+ size_t len = strlen(buf) + 1;
bool early = !slab_is_available();

if (!strcmp(buf, "all")) {
--
2.28.0

Next message: Marcel Holtmann: "Re: [PATCH v5] bluetooth: hci_h5: fix memory leak in h5_close"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 076/117] 9P: Cast to loff_t before multiplying"
Next in thread: Qian Cai: "Re: [PATCH][next] cpumask: allocate enough space for string and trailing '\0' char"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]