summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYunhee Seo <yuni.seo@samsung.com>2024-07-16 16:21:32 +0900
committerYunhee Seo <yuni.seo@samsung.com>2024-07-24 15:48:26 +0900
commit1e5f505c977a59b2c220776e50a7699dcd47fcf2 (patch)
tree45339159873e15d54ee6191b643821daf6b32f10
parent0bb93d522f4f7aa05fd8f9b81e8654c38bbf4771 (diff)
downloaddevice-vim3-tizen.tar.gz
device-vim3-tizen.tar.bz2
device-vim3-tizen.zip
There was a missing code for handling the null character so that it doesn't exceed the array size when reading and storing strings. The code has been modified to handle the array safely. To avoid overflow issue, this is necessary. Change-Id: Ib75301a07906391c57fb739ef3399ff211cd1503 Signed-off-by: Yunhee Seo <yuni.seo@samsung.com>
-rw-r--r--src/util.c24
1 files changed, 12 insertions, 12 deletions
diff --git a/src/util.c b/src/util.c
index 80660b5..60311a0 100644
--- a/src/util.c
+++ b/src/util.c
@@ -30,31 +30,30 @@ static int sysfs_read_buf(char *path, char *buf, int len)
fd = open(path, O_RDONLY);
if (fd == -1)
- return -ENOENT;
+ return -errno;
r = read(fd, buf, len);
close(fd);
- if ((r < 0) || (r > len))
+ if ((r < 0) || (r >= len)) {
+ buf[0] = '\0';
return -EIO;
+ }
- /* Replace '\n' with space (ascii code is 32) */
- buf[strcspn(buf, "\n")] = (char)32;
buf[r] = '\0';
-
- return 0;
+ return r;
}
static int sysfs_write_buf(char *path, char *buf)
{
int w, fd;
- if ((!path) || (!buf))
+ if (!path || !buf)
return -EINVAL;
fd = open(path, O_WRONLY);
if (fd == -1)
- return -ENOENT;
+ return -errno;
w = write(fd, buf, strlen(buf));
close(fd);
@@ -67,17 +66,18 @@ static int sysfs_write_buf(char *path, char *buf)
int sysfs_read_int(char *path, int *val)
{
- char buf[MAX_BUF_SIZE + 1];
+ char buf[MAX_BUF_SIZE];
int r;
if ((!path) || (!val))
return -EINVAL;
- r = sysfs_read_buf(path, buf, MAX_BUF_SIZE);
+ r = sysfs_read_buf(path, buf, sizeof(buf));
if (r < 0)
return r;
*val = atoi(buf);
+
return 0;
}
@@ -97,13 +97,13 @@ int sysfs_read_str(char *path, char *str, int len)
int sysfs_write_int(char *path, int val)
{
- char buf[MAX_BUF_SIZE + 1];
+ char buf[MAX_BUF_SIZE];
int w;
if (!path)
return -EINVAL;
- snprintf(buf, MAX_BUF_SIZE, "%d", val);
+ snprintf(buf, sizeof(buf), "%d", val);
w = sysfs_write_buf(path, buf);
if (w < 0)
return w;