Avoid potential buffer overflow in make_filename()
Signed-off-by: Jens Axboe <axboe@fb.com>
diff --git a/init.c b/init.c
index dc563fd..a0d4f8c 100644
--- a/init.c
+++ b/init.c
@@ -1036,8 +1036,14 @@
ret = snprintf(dst, dst_left, "%s", jobname);
if (ret < 0)
break;
- dst += ret;
- dst_left -= ret;
+ else if (ret > dst_left) {
+ log_err("fio: truncated filename\n");
+ dst += dst_left;
+ dst_left = 0;
+ } else {
+ dst += ret;
+ dst_left -= ret;
+ }
break;
}
case FPRE_JOBNUM: {
@@ -1046,8 +1052,14 @@
ret = snprintf(dst, dst_left, "%d", jobnum);
if (ret < 0)
break;
- dst += ret;
- dst_left -= ret;
+ else if (ret > dst_left) {
+ log_err("fio: truncated filename\n");
+ dst += dst_left;
+ dst_left = 0;
+ } else {
+ dst += ret;
+ dst_left -= ret;
+ }
break;
}
case FPRE_FILENUM: {
@@ -1056,8 +1068,14 @@
ret = snprintf(dst, dst_left, "%d", filenum);
if (ret < 0)
break;
- dst += ret;
- dst_left -= ret;
+ else if (ret > dst_left) {
+ log_err("fio: truncated filename\n");
+ dst += dst_left;
+ dst_left = 0;
+ } else {
+ dst += ret;
+ dst_left -= ret;
+ }
break;
}
default: