projects / platform / core / system / memps.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d338103)
Bound maximum index for accessing array 52/242252/3 accepted/tizen/unified/20200826.133022 submit/tizen/20200826.010711
authorSeung-Woo Kim <sw0312.kim@samsung.com>
Tue, 25 Aug 2020 08:08:15 +0000 (17:08 +0900)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Wed, 26 Aug 2020 01:00:38 +0000 (10:00 +0900)
To avoid too large index to access buffer array, bound maximum
index.

Change-Id: Ifbf973cb4a90d708effce3aae6adc1029fb2850e
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
memps.c patch | blob | history

diff --git a/memps.c b/memps.c
index 7a64dd0..7f80618 100644 (file)
--- a/memps.c
+++ b/memps.c
@@ -550,32 +550,32 @@ static void get_mem_info(FILE *output_fp)
        while (fgets(buf, PATH_MAX, fp) != NULL) {
                if ((idx = strstr(buf, "MemTotal:"))) {
                        idx += strlen("Memtotal:");
-                       while (*idx < '0' || *idx > '9')
+                       while ((idx < buf + PATH_MAX) && (*idx < '0' || *idx > '9'))
                                idx++;
                        total_mem = atoi(idx);
                } else if ((idx = strstr(buf, "MemFree:"))) {
                        idx += strlen("MemFree:");
-                       while (*idx < '0' || *idx > '9')
+                       while ((idx < buf + PATH_MAX) && (*idx < '0' || *idx > '9'))
                                idx++;
                        free = atoi(idx);
                } else if ((idx = strstr(buf, "MemAvailable:"))) {
                        idx += strlen("MemAvailable:");
-                       while (*idx < '0' || *idx > '9')
+                       while ((idx < buf + PATH_MAX) && (*idx < '0' || *idx > '9'))
                                idx++;
                        available = atoi(idx);
                } else if ((idx = strstr(buf, "Cached:")) && !strstr(buf, "Swap")) {
                        idx += strlen("Cached:");
-                       while (*idx < '0' || *idx > '9')
+                       while ((idx < buf + PATH_MAX) && (*idx < '0' || *idx > '9'))
                                idx++;
                        cached = atoi(idx);
                } else if ((idx = strstr(buf, "SwapTotal:"))) {
                        idx += strlen("SwapTotal:");
-                       while (*idx < '0' || *idx > '9')
+                       while ((idx < buf + PATH_MAX) && (*idx < '0' || *idx > '9'))
                                idx++;
                        swap_total = atoi(idx);
                } else if ((idx = strstr(buf, "SwapFree:"))) {
                        idx += strlen("SwapFree");
-                       while (*idx < '0' || *idx > '9')
+                       while ((idx < buf + PATH_MAX) && (*idx < '0' || *idx > '9'))
                                idx++;
                        swap_free = atoi(idx);
                        break;
Domain: System / System Tools;