projects / sdk / emulator / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fde57f5)
osutil: fix buffer overflow case on linux. 12/18012/2
authorKitae Kim <kt920.kim@samsung.com>
Wed, 22 Jan 2014 02:43:59 +0000 (11:43 +0900)
committerKitae Kim <kt920.kim@samsung.com>
Tue, 18 Mar 2014 05:24:42 +0000 (14:24 +0900)
The buffer that indicates the path of emulator log is bigger than
a command buffer that contains log path and a linux command.

Change-Id: I988276c650311ffb5c1d0f820eb82bd8728e6c2e
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
tizen/src/osutil-linux.c patch | blob | history

diff --git a/tizen/src/osutil-linux.c b/tizen/src/osutil-linux.c
index c90af7e..39bcf5b 100644 (file)
--- a/tizen/src/osutil-linux.c
+++ b/tizen/src/osutil-linux.c
@@ -157,7 +157,7 @@ void set_bin_path_os(gchar * exec_argv)
 
     ssize_t len = readlink("/proc/self/exe", link_path, sizeof(link_path) - 1);
 
-    if (len < 0 || len > sizeof(link_path)) {
+    if (len < 0 || len > (sizeof(link_path) - 1)) {
         perror("set_bin_path error : ");
         return;
     }
@@ -213,23 +213,35 @@ void print_system_info_os(void)
 
     /* get linux distribution information */
     INFO("* Linux distribution infomation :\n");
-    char lsb_release_cmd[MAXLEN] = "lsb_release -d -r -c >> ";
-    strcat(lsb_release_cmd, log_path);
-    if(system(lsb_release_cmd) < 0) {
+    const gchar lsb_release_cmd[MAXLEN] = "lsb_release -d -r -c >> ";
+    gchar *buffer = NULL;
+    gint buffer_size = strlen(lsb_release_cmd) + strlen(log_path) + 1;
+
+    buffer = g_malloc(buffer_size);
+
+    g_snprintf(buffer, buffer_size, "%s%s", lsb_release_cmd, log_path);
+
+    if (system(buffer) < 0) {
         INFO("system function command '%s' \
-            returns error !", lsb_release_cmd);
+                returns error !", buffer);
     }
+    g_free(buffer);
 
     /* pci device description */
     INFO("* Host PCI devices :\n");
-    char lspci_cmd[MAXLEN] = "lspci >> ";
-    strcat(lspci_cmd, log_path);
+    const gchar lspci_cmd[MAXLEN] = "lspci >> ";
+    buffer_size = strlen(lspci_cmd) + strlen(log_path) + 1;
+
+    buffer = g_malloc(buffer_size);
+
+    g_snprintf(buffer, buffer_size, "%s%s", lspci_cmd, log_path);
 
     fflush(stdout);
-    if(system(lspci_cmd) < 0) {
+    if (system(buffer) < 0) {
         INFO("system function command '%s' \
-            returns error !", lspci_cmd);
+                returns error !", buffer);
     }
+    g_free(buffer);
 }
 
 char *get_timeofday(void)
Domain: SDK / Emulator;