[parted-devel] two(!) memory-overrun bugs

Jim Meyering jim at meyering.net
Thu Mar 8 15:43:13 CET 2007


First, the probing code in aix.c is passing a 512-byte static buffer
to a function that tries to write 2048 bytes into the same buffer --
thus clobbering the following 1.5KB.

Then I saw that arch/linux.c's linux_read function was doing the same
thing: allocating a 512-byte buffer and then writing 2048 into it, too.

All of this happens with a logical sector size of 2048, about which
you get a big warning when invoking e.g., "parted /dev/cdrom":

Warning: Device /dev/hdc has a logical sector size of 2048.  Not all parts of GNU
Parted support this at the moment, and the working code is HIGHLY EXPERIMENTAL.

I'm sending the patches separately.
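
Added example, not part of the original message and not parted's code: a minimal C sketch of the pattern described above, where a read routine writes one full logical sector and therefore has to check the caller's buffer capacity against the device's sector size. The names `toy_dev`, `toy_read`, `probe_fixed512` and `probe_sized` are hypothetical, and the media contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a block device; not libparted's own types. */
struct toy_dev {
    const uint8_t *media;   /* constructed backing data */
    size_t media_len;
    size_t sector_size;     /* logical sector size: 512, 2048, ... */
};

/* Copy `count` sectors from `start` into buf (capacity buf_len bytes).
   Returns 0 on success, -1 if the request exceeds the buffer or the media. */
int toy_read(const struct toy_dev *d, void *buf, size_t buf_len,
             size_t start, size_t count) {
    if (d->sector_size == 0 || count > SIZE_MAX / d->sector_size)
        return -1;
    size_t nbytes = count * d->sector_size;
    size_t total = d->media_len / d->sector_size;
    if (nbytes > buf_len)                       /* caller's buffer too small */
        return -1;
    if (start > total || count > total - start) /* past end of media */
        return -1;
    memcpy(buf, d->media + start * d->sector_size, nbytes);
    return 0;
}

/* Fixed 512-byte probe buffer: rejected, not overrun, on 2048-byte sectors. */
int probe_fixed512(const struct toy_dev *d) {
    static uint8_t label[512];
    return toy_read(d, label, sizeof label, 0, 1);
}

/* Buffer sized from the device; returns first byte of sector 0, or -1. */
int probe_sized(const struct toy_dev *d) {
    uint8_t *buf = malloc(d->sector_size);
    if (!buf) return -1;
    int r = toy_read(d, buf, d->sector_size, 0, 1) == 0 ? buf[0] : -1;
    free(buf);
    return r;
}

int main(void) {
    static uint8_t media[4096] = { 0xAB };      /* constructed sample media */
    struct toy_dev cd = { media, sizeof media, 2048 };
    printf("fixed512=%d sized=0x%X\n", probe_fixed512(&cd), probe_sized(&cd));
    return 0;
}
```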
