diff options
| author | Tomohiro Kusumi <[email protected]> | 2019-05-01 11:41:12 +0900 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2019-04-30 19:41:12 -0700 |
| commit | f0ce0436aa801a5b281f93a456d394fe141034f7 (patch) | |
| tree | c4ecfffe9b4b2915215e2a38fc0eaa9d94df0a62 | |
| parent | 77449a1ab0467a6fc43211a9c19d6f60be52a737 (diff) | |
Correct snprintf() size argument
The size argument of snprintf(3) in glibc and snprintf() in Linux
kernel includes trailing \0, as snprintf(3) man page explains it as
"write at most size bytes (including the trailing null byte ('\0'))",
i.e. snprintf() can just take buffer size.
e.g. For snprintf() in module/zfs/zfs_ctldir.c, a buffer size is
MAXPATHLEN, and a caller is passing MAXPATHLEN to snprintf(), so size
should just be `path_len` to do what the caller is trying to do.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Signed-off-by: Tomohiro Kusumi <[email protected]>
Closes #8692
| -rw-r--r-- | lib/libzfs/libzfs_sendrecv.c | 6 | ||||
| -rw-r--r-- | module/spl/spl-err.c | 2 | ||||
| -rw-r--r-- | module/zfs/zfs_ctldir.c | 3 |
3 files changed, 5 insertions, 6 deletions
diff --git a/lib/libzfs/libzfs_sendrecv.c b/lib/libzfs/libzfs_sendrecv.c index d68efd96e..2c2eca8db 100644 --- a/lib/libzfs/libzfs_sendrecv.c +++ b/lib/libzfs/libzfs_sendrecv.c @@ -971,7 +971,7 @@ send_iterate_fs(zfs_handle_t *zhp, void *arg) char snapname[MAXPATHLEN] = { 0 }; zfs_handle_t *snap; - (void) snprintf(snapname, sizeof (snapname) - 1, "%s@%s", + (void) snprintf(snapname, sizeof (snapname), "%s@%s", zhp->zfs_name, sd->tosnap); if (sd->fromsnap != NULL) sd->seenfrom = B_TRUE; @@ -1524,7 +1524,7 @@ dump_filesystem(zfs_handle_t *zhp, void *arg) zfs_handle_t *snap; if (!sdd->seenfrom) { - (void) snprintf(snapname, sizeof (snapname) - 1, + (void) snprintf(snapname, sizeof (snapname), "%s@%s", zhp->zfs_name, sdd->fromsnap); snap = zfs_open(zhp->zfs_hdl, snapname, ZFS_TYPE_SNAPSHOT); @@ -1535,7 +1535,7 @@ dump_filesystem(zfs_handle_t *zhp, void *arg) } if (rv == 0) { - (void) snprintf(snapname, sizeof (snapname) - 1, + (void) snprintf(snapname, sizeof (snapname), "%s@%s", zhp->zfs_name, sdd->tosnap); snap = zfs_open(zhp->zfs_hdl, snapname, ZFS_TYPE_SNAPSHOT); diff --git a/module/spl/spl-err.c b/module/spl/spl-err.c index 4c8f818a9..3c0bb71c0 100644 --- a/module/spl/spl-err.c +++ b/module/spl/spl-err.c @@ -86,7 +86,7 @@ vcmn_err(int ce, const char *fmt, va_list ap) { char msg[MAXMSGLEN]; - vsnprintf(msg, MAXMSGLEN - 1, fmt, ap); + vsnprintf(msg, MAXMSGLEN, fmt, ap); switch (ce) { case CE_IGNORE: diff --git a/module/zfs/zfs_ctldir.c b/module/zfs/zfs_ctldir.c index 485f21b79..9ff492eb4 100644 --- a/module/zfs/zfs_ctldir.c +++ b/module/zfs/zfs_ctldir.c @@ -766,8 +766,7 @@ zfsctl_snapshot_path_objset(zfsvfs_t *zfsvfs, uint64_t objsetid, break; } - memset(full_path, 0, path_len); - snprintf(full_path, path_len - 1, "%s/.zfs/snapshot/%s", + snprintf(full_path, path_len, "%s/.zfs/snapshot/%s", zfsvfs->z_vfs->vfs_mntpoint, snapname); out: kmem_free(snapname, ZFS_MAX_DATASET_NAME_LEN); |