[parted-devel] memory overrun patch: libparted/arch/linux.c
Jim Meyering
jim at meyering.net
Thu Mar 8 16:08:06 CET 2007
Jim Meyering <jim at meyering.net> wrote:
> Jim Meyering <jim at meyering.net> wrote:
>> Here's a patch for the second memory overrun bug:
>>
>> linux.c: Avoid memory overrun. Handle 2048-byte logical sectors.
>> * libparted/arch/linux.c (linux_read): Allocate the right amount of
>> space for the (potentially 2048-byte-long) sectors we're about to read.
>
> Hmm..., I see that linux_write has the same problem:
>
> size_t write_length = count * dev->sector_size;
> ...
> if (posix_memalign(&diobuf, PED_SECTOR_SIZE_DEFAULT,
> count * PED_SECTOR_SIZE_DEFAULT) != 0)
> ...
> status = write (arch_specific->fd, diobuf, write_length);
>
> another patch coming up...
Actually, in linux_write it's more complicated.
For discussion, let N be count * PED_SECTOR_SIZE_DEFAULT.
First it allocates an N-byte buffer, B, with posix_memalign.
Then it copies N bytes into B with memcpy.
But then it writes write_length (4*N) bytes from B to
the destination device, thus reading 3*N bytes past the end of B
and writing all of that to the device.
Does anyone know how to exercise linux_write with 2048-byte logical
sectors?
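As an added illustration (my own sketch against a simulated device, not parted's code and not its eventual fix), here is a write routine that sizes the bounce buffer from dev->sector_size, the same quantity write_length is computed from, so the memcpy and the write can never disagree; FakeDevice, safe_write and demo are invented names.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PED_SECTOR_SIZE_DEFAULT 512   /* parted's default; NOT a safe buffer unit */

/* Minimal stand-in for PedDevice: simulated disk contents plus geometry. */
typedef struct {
    size_t   sector_size;   /* logical sector size in bytes, e.g. 512 or 2048 */
    size_t   length;        /* device length in sectors */
    uint8_t *storage;       /* simulated disk contents */
} FakeDevice;

/* Write `count` sectors from `buffer` starting at sector `start`.
 * Returns 1 on success, 0 on failure. The buffer is allocated with the
 * same write_length that is later handed to the write, so a 2048-byte
 * sector can no longer turn into a 4x over-read of diobuf. */
int safe_write(FakeDevice *dev, const void *buffer, size_t start, size_t count)
{
    if (dev->sector_size == 0 || count > SIZE_MAX / dev->sector_size)
        return 0;                               /* count * sector_size overflows */
    size_t write_length = count * dev->sector_size;
    if (start > dev->length || count > dev->length - start)
        return 0;                               /* range runs past end of device */

    void *diobuf = NULL;
    /* Alignment and size both derive from the real sector size, not from
     * PED_SECTOR_SIZE_DEFAULT (alignment must be a power of two >= sizeof(void*)). */
    if (posix_memalign(&diobuf, dev->sector_size, write_length) != 0)
        return 0;
    memcpy(diobuf, buffer, write_length);
    /* Stand-in for write(fd, diobuf, write_length) on the real device. */
    memcpy(dev->storage + start * dev->sector_size, diobuf, write_length);
    free(diobuf);
    return 1;
}

/* Self-check: 4-sector device with 2048-byte sectors; write 2 sectors at
 * sector 1 and confirm only bytes 2048..6143 changed, then confirm that a
 * write of sectors 3..4 (past the end) is refused. Returns 1 if all holds. */
int demo(void)
{
    FakeDevice dev = { 2048, 4, calloc(4, 2048) };
    uint8_t pattern[2 * 2048];
    memset(pattern, 0xAB, sizeof pattern);
    int ok = dev.storage != NULL && safe_write(&dev, pattern, 1, 2) == 1;
    for (size_t i = 0; ok && i < 4 * 2048; i++) {
        int in_range = i >= 2048 && i < 3 * 2048;
        if (dev.storage[i] != (in_range ? 0xAB : 0x00))
            ok = 0;
    }
    if (ok && safe_write(&dev, pattern, 3, 2) != 0)
        ok = 0;
    free(dev.storage);
    return ok;
}
```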