]> granicus.if.org Git - procps-ng/commitdiff
library: add parameter checks for 'get', <MEMINFO> api
authorJim Warner <james.warner@comcast.net>
Wed, 1 Jun 2016 05:00:00 +0000 (00:00 -0500)
committerCraig Small <csmall@dropbear.xyz>
Tue, 7 Jun 2016 11:04:43 +0000 (21:04 +1000)
When this interface was normalized/standardized, under
the commit referenced below, the parameters were never
validated in the 'get' function. Let's plug that hole.

Reference(s):
commit 407f1b71de3c4baed23d897b86ad316b64ad1ec9

Signed-off-by: Jim Warner <james.warner@comcast.net>
proc/meminfo.c

index 36a48a6434c4dc5b6e35aacca0e39a5764d39a3a..3e7064be0393c64d4430255933165e0e8c7d19fa 100644 (file)
@@ -548,7 +548,7 @@ static inline int items_check_failed (
      *
      * warning: incompatible integer to pointer conversion passing 'int' to parameter of type 'enum meminfo_item *'
      * my_stack = procps_meminfo_select(info, PROCPS_MEMINFO_noop, num);
-     *                                     ^~~~~~~~~~~~~~~~
+     *                                        ^~~~~~~~~~~~~~~~
      */
     if (numitems < 1
     || (void *)items < (void *)(unsigned long)(2 * PROCPS_MEMINFO_logical_end))
@@ -951,6 +951,11 @@ PROCPS_EXPORT signed long procps_meminfo_get (
     time_t cur_secs;
     int rc;
 
+    if (info == NULL)
+        return -EINVAL;
+    if (item < 0 || item >= PROCPS_MEMINFO_logical_end)
+        return -EINVAL;
+
     /* we will NOT read the meminfo file with every call - rather, we'll offer
        a granularity of 1 second between reads ... */
     cur_secs = time(NULL);