From: Ján Tomko <jtomko@redhat.com>
Date: Sun, 2 Aug 2020 21:03:10 +0000 (+0200)
Subject: util: virhostmem: do not use scanf without field limits
X-Git-Tag: v6.7.0-rc1~231
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0354bf2e065ba741608f5b4a87513bf305aafa68;p=thirdparty%2Flibvirt.git

util: virhostmem: do not use scanf without field limits

We use an array of size VIR_NODE_MEMORY_STATS_FIELD_LENGTH
to store the string read from sysfs, but pass unbound "%s"
to sscanf.

Make the array larger by one and simply stringify that
constant as the field width specifier.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
---

diff --git a/src/util/virhostmem.c b/src/util/virhostmem.c
index 9097716f54..2f60e2a250 100644
--- a/src/util/virhostmem.c
+++ b/src/util/virhostmem.c
@@ -148,7 +148,7 @@ virHostMemGetStatsLinux(FILE *meminfo,
     int found = 0;
     int nr_param;
     char line[1024];
-    char meminfo_hdr[VIR_NODE_MEMORY_STATS_FIELD_LENGTH];
+    char meminfo_hdr[VIR_NODE_MEMORY_STATS_FIELD_LENGTH + 1];
     unsigned long val;
     struct field_conv {
         const char *meminfo_hdr;  /* meminfo header */
@@ -207,8 +207,10 @@ virHostMemGetStatsLinux(FILE *meminfo,
             buf = p;
         }
 
-        if (sscanf(buf, "%s %lu kB", meminfo_hdr, &val) < 2)
+# define MEM_MAX_LEN G_STRINGIFY(VIR_NODE_MEMORY_STATS_FIELD_LENGTH)
+        if (sscanf(buf, "%" MEM_MAX_LEN "s %lu kB", meminfo_hdr, &val) < 2)
             continue;
+# undef MEM_MAX_LEN
 
         for (j = 0; field_conv[j].meminfo_hdr != NULL; j++) {
             struct field_conv *convp = &field_conv[j];