In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."
Add one byte to name[] for this terminator.
---------------------------- adapted for newlib branch
. file is now proc/slabinfo.c (not .h)
. manifest constant renamed SLABINFO_NAME_LEN
. older parse_slabinfo11() function no longer present
Signed-off-by: Jim Warner <james.warner@comcast.net>
};
struct slabs_node {
- char name[SLABINFO_NAME_LEN]; // name of this cache
+ char name[SLABINFO_NAME_LEN+1]; // name of this cache
unsigned long cache_size; // size of entire cache
unsigned int nr_objs; // number of objects in this cache
unsigned int nr_active_objs; // number of active objects