Re: [PATCH] xfsprogs: avoid array overflow in pf_batch_read()

To: Eric Sandeen <sandeen@xxxxxxxxxx>
Subject: Re: [PATCH] xfsprogs: avoid array overflow in pf_batch_read()
From: Dave Chinner <david@xxxxxxxxxxxxx>
Date: Mon, 2 Sep 2013 20:14:58 +1000
Cc: xfs-oss <xfs@xxxxxxxxxxx>
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <522017A4.8060400@xxxxxxxxxx>
References: <522017A4.8060400@xxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Aug 29, 2013 at 10:55:16PM -0500, Eric Sandeen wrote:
> The while loop in pf_batch_read, and the code preceding it, is really...
> quite a thing.  I'd love to rewrite it, but I haven't yet found
> a particularly cleaner way.
> 
> It cleverly hides the fact that we might increment "num" past the
> last index of bplist[] and then assign to it.  This corrupts memory.
> 
> Rather than major surgery for now, just go for the simple fix,
> and break out of the loop if we've increased "num" past the
> last index.

looks good.

Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>

-- 
Dave Chinner
david@xxxxxxxxxxxxx
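
The bug pattern described in the quoted commit message, shown as an added example that is not the xfsprogs code and not part of this thread: a loop that increments an index and then stores through it, with and without the break. All names (`batch_fill`, `queue_next`, `BATCH_MAX`, the sentinel slot) are hypothetical, and the queue contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define BATCH_MAX 4                 /* hypothetical capacity of the batch list */

/* Constructed stand-in for the queue being walked; NULL means exhausted. */
struct queue { const char **items; size_t pos, len; };

static const char *queue_next(struct queue *q)
{
    return q->pos < q->len ? q->items[q->pos++] : NULL;
}

/* Fill list[0..BATCH_MAX-1] from q and return the number of entries used.
 * Entry 0 is loaded before the loop; each pass counts the current entry and
 * loads the next. With guard == 0 that load can store to list[BATCH_MAX]. */
static size_t batch_fill(struct queue *q, const char **list, int guard)
{
    size_t num = 0;

    list[0] = queue_next(q);
    while (list[num] != NULL && num < BATCH_MAX) {
        num++;
        if (guard && num == BATCH_MAX)
            break;                  /* the simple fix: stop before the store */
        list[num] = queue_next(q);  /* num may equal BATCH_MAX here */
    }
    return num;
}

/* Run batch_fill on a list backed by one extra sentinel slot, so the stray
 * store is observable in-bounds. Returns 1 if the sentinel was overwritten. */
static int sentinel_clobbered(int guard, size_t *num_out)
{
    static const char *pending[] = { "a", "b", "c", "d", "e", "f" };
    static const char sentinel[] = "SENTINEL";
    struct queue q = { pending, 0, sizeof(pending) / sizeof(pending[0]) };
    const char *slots[BATCH_MAX + 1];
    slots[BATCH_MAX] = sentinel;
    *num_out = batch_fill(&q, slots, guard);
    return slots[BATCH_MAX] != sentinel;
}

int main(void)
{
    size_t n;
    int before = sentinel_clobbered(0, &n), after = sentinel_clobbered(1, &n);
    printf("unguarded clobbered=%d, guarded clobbered=%d\n", before, after);
    return 0;
}
```

The loop condition alone does not help here, because the store happens after the increment and before the condition is evaluated again.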
