[parted-devel] memory overrun patch: libparted/arch/linux.c

Jim Meyering jim at meyering.net
Thu Mar 8 16:14:11 CET 2007


David Cantrell <dcantrell at redhat.com> wrote:

> On Thu, 2007-03-08 at 15:51 +0100, Jim Meyering wrote:
>> Jim Meyering <jim at meyering.net> wrote:
>> > Here's a patch for the second memory overrun bug:
>> >
>> > 	linux.c: Avoid memory overrun.  Handle 2048-byte logical sectors.
>> > 	* libparted/arch/linux.c (linux_read): Allocate the right amount of
>> > 	space for the (potentially 2048-byte-long) sectors we're about to read.
>>
>> Hmm..., I see that linux_write has the same problem:
>>
>>         size_t                  write_length = count * dev->sector_size;
>>           ...
>>                 if (posix_memalign(&diobuf, PED_SECTOR_SIZE_DEFAULT,
>>                            count * PED_SECTOR_SIZE_DEFAULT) != 0)
>>           ...
>>           status = write (arch_specific->fd, diobuf, write_length);
>>
>> another patch coming up...
>
> Sounds good, but I'd like the PED_ASSERT updated to use
> PED_SECTOR_SIZE_DEFAULT too.  Or a PED_ASSERT added if we don't have
> one.

No problem, but I'll do all of them separately.
There are pretty many:
Searching for 'sector_size.*%' finds 11 matches in 6 files.

This code is littered with such constants...
E.g., just saw this in aix.c:

typedef struct {
	unsigned int   magic;        /* expect AIX_LABEL_MAGIC */
	unsigned int   fillbytes[127];
} AixLabel;

That should be (PED_SECTOR_SIZE_DEFAULT / sizeof(int)) - 1,
not 127.

Plus, there's an assertion at the bottom of that file:

	PED_ASSERT (sizeof (AixLabel) == 512, return);
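
The sizing mismatch discussed in this thread, as an added example that is not part of the original message or of the parted source. `SECTOR_SIZE_DEFAULT`, `overrun_bytes`, `alloc_io_buffer` and `ExampleLabel` are hypothetical names standing in for the library's own; the sketch sizes the buffer from the same length that is later transferred, and derives the label padding from the sector size with a compile-time check.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for posix_memalign */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SECTOR_SIZE_DEFAULT 512   /* stand-in for PED_SECTOR_SIZE_DEFAULT */

/* Bytes that the quoted pattern transfers beyond its allocation: the buffer
 * is sized with the 512-byte default, the I/O with the device sector size. */
static size_t overrun_bytes(size_t count, size_t sector_size)
{
    size_t allocated = count * SECTOR_SIZE_DEFAULT;
    size_t transferred = count * sector_size;
    return transferred > allocated ? transferred - allocated : 0;
}

/* Hypothetical helper: compute the transfer length once, reject overflow,
 * and size the buffer from that same length. Alignment is kept as in the
 * quoted code. Returns NULL on failure. */
static void *alloc_io_buffer(size_t count, size_t sector_size, size_t *len)
{
    void *buf = NULL;
    if (count == 0 || sector_size == 0 || count > SIZE_MAX / sector_size)
        return NULL;
    *len = count * sector_size;
    if (posix_memalign(&buf, SECTOR_SIZE_DEFAULT, *len) != 0)
        return NULL;
    return buf;
}

/* Label layout with the padding derived from the sector size instead of a
 * literal 127, checked at compile time (constructed struct, not aix.c). */
typedef struct {
    unsigned int magic;
    unsigned int fillbytes[(SECTOR_SIZE_DEFAULT / sizeof(unsigned int)) - 1];
} ExampleLabel;
_Static_assert(sizeof(ExampleLabel) == SECTOR_SIZE_DEFAULT, "label != sector");

int main(void)
{
    size_t len = 0;
    void *buf = alloc_io_buffer(8, 2048, &len);
    printf("mismatched sizing overruns by %zu bytes\n", overrun_bytes(8, 2048));
    printf("matched buffer: %zu bytes, %s\n", len, buf ? "ok" : "failed");
    free(buf);
    return 0;
}
```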


