| Summary: | Linux/diskstats.c:192: off by one error ? | ||
|---|---|---|---|
| Product: | [Unmaintained] ksysguard | Reporter: | dcb314 |
| Component: | ksysguardd | Assignee: | KSysGuard Developers <ksysguard-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | notmart |
| Priority: | NOR | ||
| Version First Reported In: | 5.2.2 | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Linux | ||
| Latest Commit: | https://invent.kde.org/plasma/ksysguard/commit/566d5faba288c9abdbc8436fea43d4c7207ea41e | Version Fixed/Implemented In: | |
| Sentry Crash Report: | |||
is it a console output or build error? Not sure how it matters, but basically a build error. I ran static analyser cppcheck over the code. A possibly relevant merge request was started @ https://invent.kde.org/plasma/ksysguard/-/merge_requests/20 Confirmed, with a really long disk device name the terminating NUL (written by sscanf) falls outside the buffer. I just filed a MR in invent to fix it. Git commit 566d5faba288c9abdbc8436fea43d4c7207ea41e by Arjen Hiemstra, on behalf of Adriaan de Groot. Committed on 01/07/2020 at 13:06. Pushed by ahiemstra into branch 'master'. Fix buffer-overflow The buffer for a sscanf() %s argument with a length needs to be 1 longer than the length, for the terminating NUL. M +6 -2 ksysguardd/Linux/diskstats.c https://invent.kde.org/plasma/ksysguard/commit/566d5faba288c9abdbc8436fea43d4c7207ea41e |
[../../../ksysguardd/Linux/diskstats.c:192]: (error) Width 20 given in format string (no. 3) is larger than destination buffer 'devname[20]', use %19s to prevent overflowing it. switch (sscanf(buf, "%d %d %" TOSTRING(DISKDEVNAMELEN) "s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu", Reproducible: Always