@@ -12656,18 +12656,22 @@ static void verify_devcd(void *user_data)
struct test_data *data = tester_get_data();
const struct generic_data *test = data->test_data;
struct vhci *vhci = hciemu_get_vhci(data->hciemu);
- char buf[MAX_COREDUMP_BUF_LEN] = {0};
+ char buf[MAX_COREDUMP_BUF_LEN + 1] = {0};
+ int read;
char delim[] = "\n";
char *line;
char *saveptr;
int i = 0;
/* Read the generated devcoredump file */
- if (vhci_read_devcd(vhci, buf, sizeof(buf)) <= 0) {
+ read = vhci_read_devcd(vhci, buf, MAX_COREDUMP_BUF_LEN);
+ if (read <= 0) {
tester_warn("Unable to read devcoredump");
tester_test_failed();
return;
}
+ /* Make sure buf is nul-terminated */
+ buf[read + 1] = '\0';
/* Verify if all devcoredump header fields are present */
line = strtok_r(buf, delim, &saveptr);
Error: STRING_NULL (CWE-170): [#def59] [important] bluez-5.75/tools/mgmt-tester.c:12670:2: string_null_source: Function "vhci_read_devcd" does not terminate string "buf". bluez-5.75/tools/mgmt-tester.c:12677:2: string_null: Passing unterminated string "buf" to "strtok_r", which expects a null-terminated string. 12675| 12676| /* Verify if all devcoredump header fields are present */ 12677|-> line = strtok_r(buf, delim, &saveptr); 12678| while (strlen(test->expect_dump_data[i])) { 12679| if (!line || strcmp(line, test->expect_dump_data[i])) { --- tools/mgmt-tester.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)