[parted-devel] memory overrun patch: libparted/arch/linux.c

David Cantrell dcantrell at redhat.com
Thu Mar 8 16:07:28 CET 2007


On Thu, 2007-03-08 at 15:44 +0100, Jim Meyering wrote:
> Here's a patch for the second memory overrun bug:
> 
> 	linux.c: Avoid memory overrun.  Handle 2048-byte logical sectors.
> 	* libparted/arch/linux.c (linux_read): Allocate the right amount of
> 	space for the (potentially 2048-byte-long) sectors we're about to read.
> 
> diff --git a/libparted/arch/linux.c b/libparted/arch/linux.c
> index c331ad7..824b6e0 100644
> --- a/libparted/arch/linux.c
> +++ b/libparted/arch/linux.c
> @@ -1409,7 +1409,6 @@ linux_read (const PedDevice* dev, void* buffer, PedSector start,
>          LinuxSpecific*          arch_specific = LINUX_SPECIFIC (dev);
>          int                     status;
>          PedExceptionOption      ex_status;
> -        size_t                  read_length = count * dev->sector_size;
>          void*                   diobuf;
> 
>          PED_ASSERT (dev->sector_size % 512 == 0, return 0);
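Review bot: at the top of linux_read, removing `read_length` from the declaration block forces the second hunk to declare it after executable statements. If the tree must build with compilers that reject mixed declarations and code, keep `size_t read_length;` here and assign it lower down. The unchanged `PED_ASSERT (dev->sector_size % 512 == 0, return 0);` line is also the only visible bound on `dev->sector_size`: it accepts 0, and it spells the constant as a literal where the removed allocation used `PED_SECTOR_SIZE_DEFAULT`.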
> @@ -1451,9 +1450,8 @@ linux_read (const PedDevice* dev, void* buffer, PedSector start,
>                  }
>          }
> 
> -
> -        if (posix_memalign(&diobuf, PED_SECTOR_SIZE_DEFAULT,
> -                           count * PED_SECTOR_SIZE_DEFAULT) != 0)
> +        size_t read_length = count * dev->sector_size;
> +        if (posix_memalign (&diobuf, dev->sector_size, read_length) != 0)
>                  return 0;
> 
>          while (1) {
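Review bot: in the new `posix_memalign (&diobuf, dev->sector_size, read_length)` call, the alignment argument has to be a power of two and a multiple of `sizeof (void *)`, but the only check visible in this patch is that `dev->sector_size` is a multiple of 512. A value such as 1536 would make the call fail and linux_read return 0 with no diagnostic. Either assert that the sector size is a power of two, or keep the alignment fixed and vary only the length. `count * dev->sector_size` is also computed without an overflow check before it sizes the buffer; reject a `count` for which the product would wrap.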
> ------------------------------------
> 
> Note that I've increased alignment to match the logical sector size.
> I don't know if that is necessary, but it can't hurt.

This is good.  I've received a number of bug reports about this in
Fedora.

We should also modify our PED_ASSERTs to ensure dev->sector_size is a
multiple of PED_SECTOR_SIZE_DEFAULT.  It is 512, but we should use the
macro consistently.

-- 
David Cantrell <dcantrell at redhat.com>
Red Hat / Westford, MA