[LTP] [PATCH v1] tst_tmpdir: Fix buffer overflow in tst_tmpdir.c
Jan Stancek
jstancek@redhat.com
Fri May 23 08:01:56 CEST 2025
On Thu, May 22, 2025 at 9:39 PM Petr Vorel <pvorel@suse.cz> wrote:
>
> Hi Wei, all,
>
> @all: is this a candidate for a release? It'd be nice to get it fixed.
I'd wait after release, it's not a trivial change and other than static analysis
there are no reports of it actually happening. And it also allows more time
for review.
>
> > Using sprintf without length checking in tst_tmpdir may lead to buffer overflow.
> > So in this patch use openat() instead of open().
>
> LGTM, but it'd be nice if we could use only rmobjat().
>
> Could you please remove the unused variable?
>
> tst_tmpdir.c: In function ‘rmobjat’:
> tst_tmpdir.c:327:21: warning: unused variable ‘statbuf’ [-Wunused-variable]
> 327 | struct stat statbuf;
> | ^~~~~~~
>
>
> Suggested-by: Cyril Hrubis <chrubis@suse.cz>
>
> > Fixs:1241
>
> This is better as it shows link in GitHub web:
> Fixes: #1241
>
> Or, IMHO better
> Fixes: https://github.com/linux-test-project/ltp/issues/1241
>
> Kind regards,
> Petr
>
More information about the ltp
mailing list