From 547c5936613ef296559eda5177b6391cfbbfb5c6 Mon Sep 17 00:00:00 2001 From: GeLiXin Date: Thu, 22 Dec 2016 03:27:24 +0800 Subject: Fix coverity defects: CID 147587 CID 147587: Out-of-bounds read Future changes may cause an array overrun of 4096 bytes at byte offset 4096 by dereferencing pointer dstp. Adding this additional check ensures correctness. Reviewed-by: Chunwei Chen Reviewed-by: Brian Behlendorf Signed-off-by: GeLiXin Closes #5297 --- cmd/zed/zed_event.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'cmd/zed') diff --git a/cmd/zed/zed_event.c b/cmd/zed/zed_event.c index 1a5f15ebf..b289ebf22 100644 --- a/cmd/zed/zed_event.c +++ b/cmd/zed/zed_event.c @@ -264,6 +264,13 @@ _zed_event_add_var(uint64_t eid, zed_strings_t *zsp, *dstp++ = '='; buflen--; + if (buflen <= 0) { + errno = EMSGSIZE; + zed_log_msg(LOG_WARNING, "Failed to add %s for eid=%llu: %s", + keybuf, eid, "Exceeded buffer size"); + return (-1); + } + va_start(vargs, fmt); n = vsnprintf(dstp, buflen, fmt, vargs); va_end(vargs); -- cgit v1.2.3