proc/slab.h: Fix off-by-one overflow in sscanf().
In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(), sscanf() might overflow curr->name, because "String input conversions store a terminating null byte ('\0') to mark the end of the input; the maximum field width does not include this terminator." Add one byte to name[] for this terminator.
This commit is contained in:
parent
bf12b14db9
commit
3ccc6ed262
@ -4,7 +4,7 @@
|
|||||||
#define SLAB_INFO_NAME_LEN 128
|
#define SLAB_INFO_NAME_LEN 128
|
||||||
|
|
||||||
struct slab_info {
|
struct slab_info {
|
||||||
char name[SLAB_INFO_NAME_LEN]; /* name of this cache */
|
char name[SLAB_INFO_NAME_LEN+1]; /* name of this cache */
|
||||||
struct slab_info *next;
|
struct slab_info *next;
|
||||||
unsigned long cache_size; /* size of entire cache */
|
unsigned long cache_size; /* size of entire cache */
|
||||||
unsigned nr_objs; /* number of objects in this cache */
|
unsigned nr_objs; /* number of objects in this cache */
|
||||||
|
Loading…
Reference in New Issue
Block a user