[PATCH] xfsprogs: fix Out-of-bounds access in repair/dinode.c
Rich Johnston
rjohnston at sgi.com
Wed Aug 21 11:51:11 CDT 2013
Looks good, thanks for the patch Li Zhong. it has been committed.
--Rich
Reviewed-by: Rich Johnston <rjohnston at sgi.com>
commit e7c05095f5baa9cd2e35a6de03d7dd9f51dd3910
Author: Li Zhong <zhong at linux.vnet.ibm.com>
Date: Mon Aug 12 06:11:01 2013 +0000
xfsprogs: fix Out-of-bounds access in repair/dinode.c
On 08/12/2013 01:11 AM, Li Zhong wrote:
> Following is reported by coverity in bug 1061528:
>
> 187 __dirty_no_modify_ret(dirty);
>
> CID 1061528 (#1 of 1): Out-of-bounds access (OVERRUN)53. overrun-buffer-arg: Overrunning array "dinoc->di_pad" of 6 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL".
> 188 memset(dinoc->di_pad, 0, 16);
>
> It seems that di_pad here should be di_pad2, as sekharan pointed out.
>
> Signed-off-by: Li Zhong <zhong at linux.vnet.ibm.com>
> ---
> repair/dinode.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/repair/dinode.c b/repair/dinode.c
> index e607f0b..94bf2f8 100644
> --- a/repair/dinode.c
> +++ b/repair/dinode.c
> @@ -183,9 +183,9 @@ clear_dinode_core(struct xfs_mount *mp, xfs_dinode_t *dinoc, xfs_ino_t ino_num)
> }
>
> for (i = 0; i < 16; i++) {
> - if (dinoc->di_pad[i] != 0) {
> + if (dinoc->di_pad2[i] != 0) {
> __dirty_no_modify_ret(dirty);
> - memset(dinoc->di_pad, 0, 16);
> + memset(dinoc->di_pad2, 0, 16);
> break;
> }
> }
>
More information about the xfs
mailing list