[PATCH] xfsprogs: avoid array overflow in pf_batch_read()
Dave Chinner
david at fromorbit.com
Mon Sep 2 05:14:58 CDT 2013
On Thu, Aug 29, 2013 at 10:55:16PM -0500, Eric Sandeen wrote:
> The while loop in pf_batch_read, and the code preceding it, is really...
> quite a thing. I'd love to rewrite it, but I haven't yet found
> a particularly cleaner way.
>
> It cleverly hides the fact that we might increment "num" past the
> last index of bplist[] and then assign to it. This corrupts memory.
>
> Rather than major surgery for now, just go for the simple fix,
> and break out of the loop if we've increased "num" past the
> last index.
Looks good.
Reviewed-by: Dave Chinner <dchinner at redhat.com>
--
Dave Chinner
david at fromorbit.com
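
The bug class described in the quoted commit message, as an added example that is not part of this thread and is not the xfsprogs code: a loop whose condition tests the array slot rather than the index, so the index has to be re-checked after the increment and before the next store. All names here (`collect_batch`, `queue_next`, `demo`, the value of `MAX_BUFS`) are hypothetical and the queue contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_BUFS 4              /* hypothetical batch size */

/* Constructed stand-in for a queue lookup: next item, or NULL when empty. */
struct queue { const int *items; size_t len; size_t pos; };

static const int *queue_next(struct queue *q)
{
    return q->pos < q->len ? &q->items[q->pos++] : NULL;
}

/*
 * Fill list[] with up to MAX_BUFS entries and return how many were stored.
 * The loop condition only looks at list[num], so nothing in it stops num
 * from reaching MAX_BUFS; the explicit check after the increment does.
 */
size_t collect_batch(struct queue *q, const int *list[MAX_BUFS])
{
    size_t num = 0;

    list[0] = queue_next(q);
    while (list[num] != NULL) {
        num++;
        if (num == MAX_BUFS)    /* without this, the next line stores to list[MAX_BUFS] */
            break;
        list[num] = queue_next(q);
    }
    return num;
}

/* Batch n constructed items; returns the count, or -1 if the word after the array changed. */
int demo(size_t n)
{
    static const int items[8] = {0};
    struct { const int *list[MAX_BUFS]; unsigned long guard; } s;
    struct queue q = { items, n, 0 };
    size_t got;

    s.guard = 0xA5A5A5A5UL;
    got = collect_batch(&q, s.list);
    return s.guard == 0xA5A5A5A5UL ? (int)got : -1;
}

int main(void)
{
    printf("%d %d %d\n", demo(6), demo(2), demo(0));
    return 0;
}
```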