From 713fa074a0129ba1676673582b2e9c9dc9eb40b1 Mon Sep 17 00:00:00 2001 From: Kamalesh Babulal Date: Wed, 27 Jul 2022 13:31:54 -0600 Subject: [PATCH] tools/cgsnapshot: fix out-of-bounds write in parse_controllers() Fix Out-of-bounds write warning, reported by Coverity tool: CID 258289 (#2 of 2): Out-of-bounds write (OVERRUN)16. overrun-local: Overrunning array controllers of 100 4096-byte elements at element index 100 (byte offset 413695) using index max (which evaluates to 100). there are chances, that the index variable max dereferences controller array might be over the array size of 100. Add upper bound checks to index variable max, so that it doesn't overrun the controller array. Signed-off-by: Kamalesh Babulal Signed-off-by: Tom Hromatka (cherry picked from commit de951069e925a697a047c6327a8578ef6b5d2353) --- src/tools/cgsnapshot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tools/cgsnapshot.c b/src/tools/cgsnapshot.c index e20b6cb5..0d20a203 100644 --- a/src/tools/cgsnapshot.c +++ b/src/tools/cgsnapshot.c @@ -566,7 +566,7 @@ static int parse_controllers(cont_name_t cont_names[CG_CONTROLLER_MAX], /* we got new mount point, print it if needed */ if ((!(flags & FL_LIST) || (is_ctlr_on_list(controllers, cont_names))) - && (max != 0)) { + && (max != 0 && max < CG_CONTROLLER_MAX)) { (controllers[max])[0] = '\0'; ret = display_controller_data( controllers, program_name); @@ -588,7 +588,7 @@ static int parse_controllers(cont_name_t cont_names[CG_CONTROLLER_MAX], if ((!(flags & FL_LIST) || (is_ctlr_on_list(controllers, cont_names))) - && (max != 0)) { + && (max != 0 && max < CG_CONTROLLER_MAX)) { (controllers[max])[0] = '\0'; ret = display_controller_data( controllers, program_name); -- 2.47.2