btl/uct: fix coverity findings #13528
Conversation
Fixes the following: ** CID 1675024: Memory - illegal accesses (BUFFER_SIZE) ** CID 1675023: Null pointer dereferences (REVERSE_INULL) ** CID 1675022: Error handling issues (CHECKED_RETURN) ** CID 1675021: Memory - illegal accesses (BUFFER_SIZE) Signed-off-by: Nathan Hjelm <hjelmn@google.com>
|
|
||
| memset(md_modex->md_name, 0, sizeof(md_modex->md_name)); | ||
| strncpy(md_modex->md_name, md->md_name, sizeof(md_modex->md_name)); | ||
| strncpy(md_modex->md_name, md->md_name, sizeof(md_modex->md_name) - 1); |
There was a problem hiding this comment.
Why -1 ? It makes no sense because how do you ensure there is a \0 at the end ?
There was a problem hiding this comment.
From the documentation.
No null-character is implicitly appended at the end of destination if source is longer than num. Thus, in this case, destination shall not be considered a null terminated C string (reading it as such would overflow).
So, by reducing the size by 1 it ensures the \0 written by the memset above it does not get overwritten by the strncpy().
There was a problem hiding this comment.
I understand the defensive programming approach, but all this cannot happen here, because of "context", something that coverity does not understand/handle. The modex string is of correct size because it was put there by another of the OMPI processes, so it already correct and includes the ending \0 in all cases, which means it works properly all the time. If we are concerned about incorrect modex information, or hacking tentative via the modex that's another story, but that's yet another story that cannot be fixed by just this patch.
2 participants
Fixes the following:
** CID 1675024: Memory - illegal accesses (BUFFER_SIZE)
** CID 1675023: Null pointer dereferences (REVERSE_INULL)
** CID 1675022: Error handling issues (CHECKED_RETURN)
** CID 1675021: Memory - illegal accesses (BUFFER_SIZE)