libubi: fix multiple memory corruptions

The memset is obviously wrong, and valgrind tells
use there are some uninitialised bytes used after read()

Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>

diff --git a/ubi-utils/src/libubi.c b/ubi-utils/src/libubi.c
index 158b919f93555d7d90697ee6afd9d96b266ae1fc..6f9228e459b21aaa3d7d742333100bffac3617ad 100644 (file)
--- a/ubi-utils/src/libubi.c
+++ b/ubi-utils/src/libubi.c
@@ -82,16 +82,17 @@ static int read_positive_ll(const char *file, long long *value)
        if (fd == -1)
                return -1;
 
-       rd = read(fd, buf, 50);
+       rd = read(fd, buf, sizeof(buf));
        if (rd == -1) {
                sys_errmsg("cannot read \"%s\"", file);
                goto out_error;
        }
-       if (rd == 50) {
+       if (rd == sizeof(buf)) {
                errmsg("contents of \"%s\" is too long", file);
                errno = EINVAL;
                goto out_error;
        }
+       buf[rd] = '\0';
 
        if (sscanf(buf, "%lld\n", value) != 1) {
                errmsg("cannot read integer from \"%s\"\n", file);
@@ -165,6 +166,7 @@ static int read_data(const char *file, void *buf, int buf_len)
                sys_errmsg("cannot read \"%s\"", file);
                goto out_error;
        }
+       ((char *)buf)[rd] = '\0';
 
        /* Make sure all data is read */
        tmp1 = read(fd, &tmp, 1);
@@ -1243,7 +1245,7 @@ int ubi_set_property(int fd, uint8_t property, uint64_t value)
 {
        struct ubi_set_prop_req r;
 
-       memset(&r, sizeof(struct ubi_set_prop_req), '\0');
+       memset(&r, 0, sizeof(struct ubi_set_prop_req));
        r.property = property;
        r.value = value;