0042-proc/slab.h: Fix off-by-one overflow in sscanf().

In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."

Add one byte to name[] for this terminator.

---------------------------- adapted for newlib branch
. file is now proc/slabinfo.c (not .h)
. manifest constant renamed SLABINFO_NAME_LEN
. older parse_slabinfo11() function no longer present

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent d3ff255fa5
commit d1729bed6b

View File

@ -76,7 +76,7 @@ struct slabs_summ {
};
struct slabs_node {
char name[SLABINFO_NAME_LEN]; // name of this cache
char name[SLABINFO_NAME_LEN+1]; // name of this cache
unsigned long cache_size; // size of entire cache
unsigned int nr_objs; // number of objects in this cache
unsigned int nr_active_objs; // number of active objects