Qualys Security Advisory 3ccc6ed262 proc/slab.h: Fix off-by-one overflow in sscanf(). ...

In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."

Add one byte to name[] for this terminator.

2018-05-19 07:32:21 +10:00

1.8 KiB

Raw Blame History

View Raw