Looks good, thanks for the patch Li Zhong. it has been committed.
--Rich
Reviewed-by: Rich Johnston <rjohnston@xxxxxxx>
commit e7c05095f5baa9cd2e35a6de03d7dd9f51dd3910
Author: Li Zhong <zhong@xxxxxxxxxxxxxxxxxx>
Date: Mon Aug 12 06:11:01 2013 +0000
xfsprogs: fix Out-of-bounds access in repair/dinode.c
On 08/12/2013 01:11 AM, Li Zhong wrote:
Following is reported by coverity in bug 1061528:
187 __dirty_no_modify_ret(dirty);
CID 1061528 (#1 of 1): Out-of-bounds access (OVERRUN)53. overrun-buffer-arg: Overrunning array
"dinoc->di_pad" of 6 bytes by passing it to a function which accesses it at byte offset
15 using argument "16UL".
188 memset(dinoc->di_pad, 0, 16);
It seems that di_pad here should be di_pad2, as sekharan pointed out.
Signed-off-by: Li Zhong <zhong@xxxxxxxxxxxxxxxxxx>
---
repair/dinode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/repair/dinode.c b/repair/dinode.c
index e607f0b..94bf2f8 100644
--- a/repair/dinode.c
+++ b/repair/dinode.c
@@ -183,9 +183,9 @@ clear_dinode_core(struct xfs_mount *mp, xfs_dinode_t
*dinoc, xfs_ino_t ino_num)
}
for (i = 0; i < 16; i++) {
- if (dinoc->di_pad[i] != 0) {
+ if (dinoc->di_pad2[i] != 0) {
__dirty_no_modify_ret(dirty);
- memset(dinoc->di_pad, 0, 16);
+ memset(dinoc->di_pad2, 0, 16);
break;
}
}
|