projects / platform / hal / backend / vim3 / device-vim3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0bb93d5)
util: Add handling code to safely read and write arrays 14/314914/3 accepted/tizen_9.0_unified accepted/tizen_unified accepted/tizen_unified_dev accepted/tizen_unified_x_asan tizen tizen_9.0 accepted/tizen/9.0/unified/20241031.000146 accepted/tizen/unified/20240725.155018 accepted/tizen/unified/dev/20240729.000901 accepted/tizen/unified/x/asan/20241224.003811 tizen_9.0_m2_release
authorYunhee Seo <yuni.seo@samsung.com>
Tue, 16 Jul 2024 07:21:32 +0000 (16:21 +0900)
committerYunhee Seo <yuni.seo@samsung.com>
Wed, 24 Jul 2024 06:48:26 +0000 (15:48 +0900)
There was a missing code for handling the null character
so that it doesn't exceed the array size when reading and storing strings.
The code has been modified to handle the array safely.
To avoid overflow issue, this is necessary.

Change-Id: Ib75301a07906391c57fb739ef3399ff211cd1503
Signed-off-by: Yunhee Seo <yuni.seo@samsung.com>
src/util.c patch | blob | history

diff --git a/src/util.c b/src/util.c
index 80660b5886b787d1221d3807d23a8d5a2938d3bc..60311a0a181cb0f4c0ef4604d28f9e458f85c864 100644 (file)
--- a/src/util.c
+++ b/src/util.c
@@ -30,31 +30,30 @@ static int sysfs_read_buf(char *path, char *buf, int len)
 
        fd = open(path, O_RDONLY);
        if (fd == -1)
-               return -ENOENT;
+               return -errno;
 
        r = read(fd, buf, len);
        close(fd);
 
-       if ((r < 0) || (r > len))
+       if ((r < 0) || (r >= len)) {
+               buf[0] = '\0';
                return -EIO;
+       }
 
-       /* Replace '\n' with space (ascii code is 32) */
-       buf[strcspn(buf, "\n")] = (char)32;
        buf[r] = '\0';
-
-       return 0;
+       return r;
 }
 
 static int sysfs_write_buf(char *path, char *buf)
 {
        int w, fd;
 
-       if ((!path) || (!buf))
+       if (!path || !buf)
                return -EINVAL;
 
        fd = open(path, O_WRONLY);
        if (fd == -1)
-               return -ENOENT;
+               return -errno;
 
        w = write(fd, buf, strlen(buf));
        close(fd);
@@ -67,17 +66,18 @@ static int sysfs_write_buf(char *path, char *buf)
 
 int sysfs_read_int(char *path, int *val)
 {
-       char buf[MAX_BUF_SIZE + 1];
+       char buf[MAX_BUF_SIZE];
        int r;
 
        if ((!path) || (!val))
                return -EINVAL;
 
-       r = sysfs_read_buf(path, buf, MAX_BUF_SIZE);
+       r = sysfs_read_buf(path, buf, sizeof(buf));
        if (r < 0)
                return r;
 
        *val = atoi(buf);
+
        return 0;
 }
 
@@ -97,13 +97,13 @@ int sysfs_read_str(char *path, char *str, int len)
 
 int sysfs_write_int(char *path, int val)
 {
-       char buf[MAX_BUF_SIZE + 1];
+       char buf[MAX_BUF_SIZE];
        int w;
 
        if (!path)
                return -EINVAL;
 
-       snprintf(buf, MAX_BUF_SIZE, "%d", val);
+       snprintf(buf, sizeof(buf), "%d", val);
        w = sysfs_write_buf(path, buf);
        if (w < 0)
                return w;
Domain: System / System Framework Device Management;