Message ID | 3cfc5d226243fbc186c0b937c6150d7f00b84e6e.1590508215.git.aclaudi@redhat.com |
---|---|
State | New |
Series | Fix segfault in lib/bpf.c |
diff --git a/lib/bpf.c b/lib/bpf.c index 23cb0d96a85ba..c7d45077c14e5 100644 --- a/lib/bpf.c +++ b/lib/bpf.c @@ -781,7 +781,11 @@ static const char *bpf_get_work_dir(enum bpf_prog_type type) } } - snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt); + ret = snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt); + if (ret < 0 || ret >= sizeof(bpf_wrk_dir)) { + mnt = NULL; + goto out; + } ret = bpf_gen_hierarchy(bpf_wrk_dir); if (ret) {
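Review bot: The new error branch in bpf_get_work_dir() fails silently: on truncation it only does `mnt = NULL;` and `goto out;`, so a mount path that is one byte too long for bpf_wrk_dir produces no diagnostic. Consider printing a short message to stderr naming the over-long path before the jump. The `out` label and what it does with a NULL mnt are not visible in this hunk, so it is worth confirming that every caller handles the NULL return. A smaller point on the same condition: `ret >= sizeof(bpf_wrk_dir)` compares an int against a size_t and is only correct because `ret < 0` is tested first; an explicit `(size_t)ret` cast would make that dependency obvious and keep -Wsign-compare quiet.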
gcc v9.3.1 reports:

    bpf.c: In function ‘bpf_get_work_dir’:
    bpf.c:784:49: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
    784 | snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt);
    | ^
    bpf.c:784:2: note: ‘snprintf’ output between 2 and 4097 bytes into a destination of size 4096
    784 | snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt);
    | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix this by simply checking snprintf return code and properly handling the error.

Fixes: e42256699cac ("bpf: make tc's bpf loader generic and move into lib")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>

---
lib/bpf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)