mirror of
https://github.com/checkpoint-restore/criu.git
synced 2026-07-17 16:47:50 +00:00
proc: Fix potential buffer overflow in parse_threads
When parse_threads() is called with a pre-allocated array (e.g., when re-parsing threads), it must ensure that the number of threads found in /proc does not exceed the size of the provided buffer. Add a check to prevent out-of-bounds access if the thread count increases unexpectedly. Signed-off-by: Andrei Vagin <avagin@google.com>
This commit is contained in:
parent
e956db75f7
commit
22c3ab6b8d
1 changed files with 6 additions and 0 deletions
|
|
@ -2570,6 +2570,12 @@ int parse_threads(int pid, struct pid **_t, int *_n)
|
|||
}
|
||||
t = tmp;
|
||||
t[nr - 1].ns[0].virt = -1;
|
||||
} else {
|
||||
if (nr > *_n) {
|
||||
pr_err("Too many threads for %d (%d > %d)\n", pid, nr, *_n);
|
||||
closedir(dir);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
t[nr - 1].real = atoi(de->d_name);
|
||||
t[nr - 1].state = TASK_THREAD;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue