From 78e4c2b449c6d0a18e2bfaea29f3a0eadb42c5f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= Date: Wed, 16 Apr 2014 17:05:43 +0300 Subject: [PATCH] lib: Fix potential out of bounds access in ring stop code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The subsequet code expects the read() to not have filled the entire buffer, and yet we allow it to do so. Reduce the size passed to read() by 1 to make the code sane. Signed-off-by: Ville Syrjälä --- lib/igt_debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/igt_debugfs.c b/lib/igt_debugfs.c index 52b8e2fe..4fd2e5aa 100644 --- a/lib/igt_debugfs.c +++ b/lib/igt_debugfs.c @@ -666,7 +666,7 @@ enum stop_ring_flags igt_get_stop_rings(void) fd = igt_debugfs_open("i915_ring_stop", O_RDONLY); igt_assert(fd >= 0); - l = read(fd, buf, sizeof(buf)); + l = read(fd, buf, sizeof(buf)-1); igt_assert(l > 0); igt_assert(l < sizeof(buf));