[PATCH] Fix possible memory corruption in xfs_readlink
aelder at sgi.com
Mon Oct 17 17:39:44 CDT 2011
On Mon, 2011-10-17 at 19:05 -0200, Carlos Maiolino wrote:
> Fixes a possible memory corruption when the link is larger than
> MAXPATHLEN and XFS_DEBUG is not enabled. This also removes the
> S_ISLNK assert, since the inode mode is checked previously in
> xfs_readlink_by_handle() and via VFS.
> Signed-off-by: Carlos Maiolino <cmaiolino at redhat.com>
I know this was discussed to death on IRC. But I didn't
get a chance to be a part of that committee so I have
a suggested change: use %llu format, not %lld.
Just to clarify, this is addressing something that could
happen if a corrupt filesystem led to an inode whose flags
indicate it's a symlink having a size that exceeds the maximum
path length. And without your fix, the memcpy() in
xfs_readlink() could overflow the memory it's provided.
I can implement the format string fix before I commit your
change. But I'll wait for your permission before doing so.
Reviewed-by: Alex Elder <aelder at sgi.com>
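As an added illustration of the check the thread describes (this is a userspace toy written for this page, not the patch and not XFS code): a readlink-style copy that validates the inode's claimed size against MAXPATHLEN and the caller's buffer before memcpy(), and reports the size with %llu as suggested above. The MAXPATHLEN and EFSCORRUPTED values, the toy_inode struct and the demo functions are constructed assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for this example; not the kernel's definitions. */
#define MAXPATHLEN   4096
#define EFSCORRUPTED 117   /* illustrative errno value */

/* Toy inode carrying only what the example needs: an on-disk size and the
 * inline symlink bytes.  On a corrupt filesystem di_size can claim anything. */
struct toy_inode {
    uint64_t di_size;
    const char *data;
};

/* Copies the link target into link[], refusing sizes that cannot be legitimate.
 * Pre-fix code trusted di_size and fed it straight to memcpy(), so a di_size
 * above MAXPATHLEN ran past the end of the buffer the caller provided. */
static int readlink_checked(const struct toy_inode *ip, char *link, size_t linklen)
{
    uint64_t pathlen = ip->di_size;

    if (pathlen == 0 || pathlen >= MAXPATHLEN || linklen == 0 || pathlen >= linklen) {
        /* %llu rather than %lld: the size is unsigned */
        fprintf(stderr, "symlink size %llu exceeds limit %u: treating inode as corrupt\n",
                (unsigned long long)pathlen, (unsigned)MAXPATHLEN);
        return -EFSCORRUPTED;
    }
    memcpy(link, ip->data, pathlen);
    link[pathlen] = '\0';       /* pathlen < linklen, so the terminator fits */
    return 0;
}

/* Well-formed inode: copy succeeds and the target is NUL-terminated. */
static int demo_good(void)
{
    static const char target[] = "/lib/libc.so.6";      /* constructed sample */
    struct toy_inode ip = { sizeof(target) - 1, target };
    char buf[MAXPATHLEN];
    int rc = readlink_checked(&ip, buf, sizeof(buf));
    return (rc == 0 && strcmp(buf, target) == 0) ? 0 : -1;
}

/* Corrupt inode: di_size claims more than MAXPATHLEN, so nothing is copied. */
static int demo_corrupt(void)
{
    static const char target[] = "/lib/libc.so.6";
    struct toy_inode ip = { (uint64_t)MAXPATHLEN + 100, target };
    char buf[MAXPATHLEN];
    return readlink_checked(&ip, buf, sizeof(buf));
}
```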