tools/cgsnapshot: fix out-of-bounds write in parse_controllers()

Fix Out-of-bounds write warning, reported by Coverity tool:

CID 258289 (#2 of 2): Out-of-bounds write (OVERRUN)16. overrun-local:
Overrunning array controllers of 100 4096-byte elements at element index
100 (byte offset 413695) using index max (which evaluates to 100).

there are chances, that the index variable max dereferences controller
array might be over the array size of 100. Add upper bound checks
to index variable max, so that it doesn't overrun the controller array.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit de951069e925a697a047c6327a8578ef6b5d2353)

diff --git a/src/tools/cgsnapshot.c b/src/tools/cgsnapshot.c
index e20b6cb506c5ee36463555b4a2da14d0582932fa..0d20a20300a8bf11610f9b2eacff44c9180c7d75 100644 (file)
--- a/src/tools/cgsnapshot.c
+++ b/src/tools/cgsnapshot.c
@@ -566,7 +566,7 @@ static int parse_controllers(cont_name_t cont_names[CG_CONTROLLER_MAX],
                        /* we got new mount point, print it if needed */
                        if ((!(flags & FL_LIST) ||
                                (is_ctlr_on_list(controllers, cont_names)))
-                               && (max != 0)) {
+                               && (max != 0 && max < CG_CONTROLLER_MAX)) {
                                (controllers[max])[0] = '\0';
                                ret = display_controller_data(
                                        controllers, program_name);
@@ -588,7 +588,7 @@ static int parse_controllers(cont_name_t cont_names[CG_CONTROLLER_MAX],
 
        if ((!(flags & FL_LIST) ||
                (is_ctlr_on_list(controllers, cont_names)))
-               && (max != 0)) {
+               && (max != 0 && max < CG_CONTROLLER_MAX)) {
                (controllers[max])[0] = '\0';
                ret = display_controller_data(
                        controllers, program_name);