[PATCH] xfsprogs: fix Out-of-bounds access in repair/dinode.c
Li Zhong
zhong at linux.vnet.ibm.com
Mon Aug 12 01:11:01 CDT 2013
Following is reported by coverity in bug 1061528:
187 __dirty_no_modify_ret(dirty);
CID 1061528 (#1 of 1): Out-of-bounds access (OVERRUN)53. overrun-buffer-arg: Overrunning array "dinoc->di_pad" of 6 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL".
188 memset(dinoc->di_pad, 0, 16);
It seems that di_pad here should be di_pad2, as sekharan pointed out.
Signed-off-by: Li Zhong <zhong at linux.vnet.ibm.com>
---
repair/dinode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/repair/dinode.c b/repair/dinode.c
index e607f0b..94bf2f8 100644
--- a/repair/dinode.c
+++ b/repair/dinode.c
@@ -183,9 +183,9 @@ clear_dinode_core(struct xfs_mount *mp, xfs_dinode_t *dinoc, xfs_ino_t ino_num)
}
for (i = 0; i < 16; i++) {
- if (dinoc->di_pad[i] != 0) {
+ if (dinoc->di_pad2[i] != 0) {
__dirty_no_modify_ret(dirty);
- memset(dinoc->di_pad, 0, 16);
+ memset(dinoc->di_pad2, 0, 16);
break;
}
}
--
1.8.1.4
More information about the xfs
mailing list