libs/rt-thread-official
libs
/
rt-thread-official
mirror of https://github.com/RT-Thread/rt-thread.git
4
0
Fork 0
Code Issues Releases Wiki Activity

[dfsv2] fixup out-of-memory access (#8973) 

This change addresses a potential out-of-memory access issue in the
devfs filesystem component. The issue arises when the `rt_malloc`
function allocates memory for a path string without accounting for
the null terminator, leading to undefined behavior.

As the manual documented:

> DESCRIPTION
>   The strlen() function calculates the length of the string pointed to
>   by s, excluding the terminating null byte ('\0').

To fix this, the memory allocation size was increased by one byte
to ensure space for the null terminator. This prevents potential
out-of-memory access and ensures proper string termination.

Signed-off-by: Shell <smokewood@qq.com>
This commit is contained in:
Shell 2024-05-21 19:45:08 +08:00 committed by GitHub
parent 6101f1fd29
commit 5f947863b4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
components/dfs/dfs_v2/filesystems/devfs/devfs.c
View File

@ -427,7 +427,7 @@ mode_t dfs_devfs_device_to_mode(struct rt_device *device)
static void dfs_devfs_mkdir(const char *fullpath, mode_t mode)
{
int len = rt_strlen(fullpath);
char *path = (char *)rt_malloc(len);
char *path = (char *)rt_malloc(len + 1);
if (path)
{