From 92ac1d5a13859e5dc65c94aaa94559680f2e26c9 Mon Sep 17 00:00:00 2001 From: Gaetan Rivet Date: Fri, 4 Aug 2017 17:30:23 +0200 Subject: [PATCH] eal: fix hotplug device parsing snprintf returns the length it would have written had the given length been enough, *terminating null byte excluded*. It will however limit the length of its writing to given length minus one, and always put a terminating null-byte at the end of the string. This must be taken into account when calculating the total length of the device declaration string. Fixes: 3054036f054a ("eal: fix possible crash in hotplug") Signed-off-by: Gaetan Rivet --- lib/librte_eal/common/eal_common_dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/librte_eal/common/eal_common_dev.c b/lib/librte_eal/common/eal_common_dev.c index fc8a4d2278..e251275575 100644 --- a/lib/librte_eal/common/eal_common_dev.c +++ b/lib/librte_eal/common/eal_common_dev.c @@ -133,7 +133,7 @@ full_dev_name(const char *bus, const char *dev, const char *args) char *name; size_t len; - len = snprintf(NULL, 0, "%s:%s,%s", bus, dev, args); + len = snprintf(NULL, 0, "%s:%s,%s", bus, dev, args) + 1; name = calloc(1, len); if (name == NULL) { RTE_LOG(ERR, EAL, "Could not allocate full device name\n"); -- 2.20.1