From 98ef774eaae6e2279caaa1aa8582350e7594377c Mon Sep 17 00:00:00 2001
From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Date: Mon, 8 Aug 2022 11:02:59 -0600
Subject: [PATCH] api.c: add precision to fscanf(), in
 cgroup_populate_controllers()

Fix calling risky function warning, reported by Coverity tool:

CID 258305 (#1 of 1): Calling risky function
(DC.STREAM_BUFFER)dont_call: fscanf assumes an arbitrarily long string,
so callers must use correct precision specifiers or never use fscanf.

As per secure coding standard, using '%s' in the fscanf() is not
recommend, hence fix it by using the precision of macro
MAX_CGROUP_TYPE_NAMELEN borrowed from Linux Kernel for the maximum
allowed controller/subsys_name length.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 04169a9bef0ee77c18cd5a2e2d9f6e49f6057e32)
---
 src/api.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/api.c b/src/api.c
index df7957a1..80387946 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1362,7 +1362,11 @@ static int cgroup_populate_controllers(char *controllers[CG_CONTROLLER_MAX])
 
 	i = 0;
 	while (!feof(proc_cgroup)) {
-		err = fscanf(proc_cgroup, "%s %d %d %d", subsys_name, &hierarchy, &num_cgroups,
+		/*
+		 * check Linux Kernel sources/kernel/cgroup/cgroup.c cgroup_init_early(),
+		 * MAX_CGROUP_TYPE_NAMELEN check for details on why 32 is used.
+		 */
+		err = fscanf(proc_cgroup, "%32s %d %d %d", subsys_name, &hierarchy, &num_cgroups,
 			     &enabled);
 		if (err < 0)
 			break;
-- 
2.47.2