[PATCH] xfsprogs: fix Out-of-bounds access in repair/dinode.c
Rich Johnston
rjohnston at sgi.com
Fri Oct 18 11:28:08 CDT 2013
This has been committed.
Thanks
--Rich
commit e6efb967e61a366dbe877f34e220e32866e7db42
Author: Li Zhong <zhong at linux.vnet.ibm.com>
Date: Tue Aug 27 01:58:34 2013 +0000
xfsprogs: fix Out-of-bounds access in repair/dinode.c
On 08/12/2013 01:11 AM, Li Zhong wrote:
> Following is reported by coverity in bug 1061528:
>
> 187 __dirty_no_modify_ret(dirty);
>
> CID 1061528 (#1 of 1): Out-of-bounds access (OVERRUN)53. overrun-buffer-arg: Overrunning array "dinoc->di_pad" of 6 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL".
> 188 memset(dinoc->di_pad, 0, 16);
>
> It seems that di_pad here should be di_pad2, as sekharan pointed out.
>
> Signed-off-by: Li Zhong <zhong at linux.vnet.ibm.com>
> ---
> repair/dinode.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/repair/dinode.c b/repair/dinode.c
> index e607f0b..94bf2f8 100644
> --- a/repair/dinode.c
> +++ b/repair/dinode.c
> @@ -183,9 +183,9 @@ clear_dinode_core(struct xfs_mount *mp, xfs_dinode_t *dinoc, xfs_ino_t ino_num)
> }
>
> for (i = 0; i < 16; i++) {
> - if (dinoc->di_pad[i] != 0) {
> + if (dinoc->di_pad2[i] != 0) {
> __dirty_no_modify_ret(dirty);
> - memset(dinoc->di_pad, 0, 16);
> + memset(dinoc->di_pad2, 0, 16);
> break;
> }
> }
>
More information about the xfs
mailing list