cgfsng: fix cgroup attach cgroup creation

\e[01m\e[Kcgroups/cgfsng.c:\e[m\e[K In function ‘\e[01m\e[Kcgroup_attach_leaf.constprop\e[m\e[K’:
\e[01m\e[Kcgroups/cgfsng.c:2221:10:\e[m\e[K \e[01;31m\e[Kerror: \e[m\e[Kwriting 1 byte into a region of size 0 [\e[01;31m\e[K-Werror=stringop-overflow=\e[m\e[K]
 2221 |   \e[01;31m\e[K*slash = '\0'\e[m\e[K;
      |   \e[01;31m\e[K~~~~~~~^~~~~~\e[m\e[K
\e[01m\e[Kcgroups/cgfsng.c:2213:8:\e[m\e[K \e[01;36m\e[Knote: \e[m\e[Kat offset -13 to object ‘\e[01m\e[Kattach_cgroup\e[m\e[K’ with size 23 declared here
 2213 |   char \e[01;36m\e[Kattach_cgroup\e[m\e[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        \e[01;36m\e[K^~~~~~~~~~~~~\e[m\e[K
\e[01m\e[Kcgroups/cgfsng.c:2229:10:\e[m\e[K \e[01;31m\e[Kerror: \e[m\e[Kwriting 1 byte into a region of size 0 [\e[01;31m\e[K-Werror=stringop-overflow=\e[m\e[K]
 2229 |   \e[01;31m\e[K*slash = '/'\e[m\e[K;
      |   \e[01;31m\e[K~~~~~~~^~~~~\e[m\e[K
\e[01m\e[Kcgroups/cgfsng.c:2213:8:\e[m\e[K \e[01;36m\e[Knote: \e[m\e[Kat offset -13 to object ‘\e[01m\e[Kattach_cgroup\e[m\e[K’ with size 23 declared here
 2213 |   char \e[01;36m\e[Kattach_cgroup\e[m\e[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        \e[01;36m\e[K^~~~~~~~~~~~~\e[m\e[K
\e[01m\e[Kcgroups/cgfsng.c:2229:10:\e[m\e[K \e[01;31m\e[Kerror: \e[m\e[Kwriting 1 byte into a region of size 0 [\e[01;31m\e[K-Werror=stringop-overflow=\e[m\e[K]
 2229 |   \e[01;31m\e[K*slash = '/'\e[m\e[K;
      |   \e[01;31m\e[K~~~~~~~^~~~~\e[m\e[K
\e[01m\e[Kcgroups/cgfsng.c:2213:8:\e[m\e[K \e[01;36m\e[Knote: \e[m\e[Kat offset -13 to object ‘\e[01m\e[Kattach_cgroup\e[m\e[K’ with size 23 declared here
 2213 |   char \e[01;36m\e[Kattach_cgroup\e[m\e[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
      |        \e[01;36m\e[K^~~~~~~~~~~~~\e[m\e[K

Link: https://launchpadlibrarian.net/494354168/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu1_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 85afc63af91547a297e0646577f5672ec41d7322..3ab041e1f9fc86437629a83285fae03fc087b5ec 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2216,13 +2216,21 @@ static int cgroup_attach_leaf(const struct lxc_conf *conf, int unified_fd, pid_t
 
        do {
                bool rm = false;
-               char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
+               char attach_cgroup[STRLITERALLEN(".lxc-/cgroup.procs") + INTTYPE_TO_STRLEN(int) + 1];
                char *slash;
 
                ret = snprintf(attach_cgroup, sizeof(attach_cgroup), ".lxc-%d/cgroup.procs", idx);
                if (ret < 0 || (size_t)ret >= sizeof(attach_cgroup))
                        return ret_errno(EIO);
 
+               /*
+                * This shouldn't really happen but the compiler might complain
+                * that a short write would cause a buffer overrun. So be on
+                * the safe side.
+                */
+               if (ret < STRLITERALLEN(".lxc-/cgroup.procs"))
+                       return log_error_errno(-EINVAL, EINVAL, "Unexpected short write would cause buffer-overrun");
+
                slash = &attach_cgroup[ret] - STRLITERALLEN("/cgroup.procs");
                *slash = '\0';