[asterisk-bugs] [JIRA] (DAHTOOL-89) dahdi_cfg: Destination buffer too small for snprintf output
Keith Morgan (JIRA)
noreply at issues.asterisk.org
Mon Oct 18 10:19:51 CDT 2021
[ https://issues.asterisk.org/jira/browse/DAHTOOL-89?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Morgan updated DAHTOOL-89:
--------------------------------
Assignee: Duncan Patterson (was: Keith Morgan)
> dahdi_cfg: Destination buffer too small for snprintf output
> -----------------------------------------------------------
>
> Key: DAHTOOL-89
> URL: https://issues.asterisk.org/jira/browse/DAHTOOL-89
> Project: DAHDI-Tools
> Issue Type: Bug
> Security Level: None
> Components: Utilities
> Affects Versions: 3.1.0
> Environment: Debian 10, kernel 5.10
> Reporter: N A
> Assignee: Duncan Patterson
>
> dahdi_cfg.c: In function ‘are_all_spans_assigned’:
> dahdi_cfg.c:153:7: warning: ‘/span_count’ directive output may be truncated writing 11 bytes into a region of size between 0 and 1023 [-Wformat-truncation=]
> 153 | "%s/span_count", device_path);
> | ^~~~~~~~~~~
> dahdi_cfg.c:152:2: note: ‘snprintf’ output between 12 and 1035 bytes into a destination of size 1023
> 152 | snprintf(attribute, sizeof(attribute) - 1,
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 153 | "%s/span_count", device_path);
> | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The problem here is that the buffer size isn't accounting for the size of "/span_count" as well, which adds 12 characters.
> The attached patch resolves this issue: https://code.phreaknet.org/asterisk/dahdi/dahdi_cfg.diff
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list