[parted-devel] memory overrun patch: libparted/arch/linux.c
Jim Meyering
jim at meyering.net
Thu Mar 8 16:14:11 CET 2007
David Cantrell <dcantrell at redhat.com> wrote:
> On Thu, 2007-03-08 at 15:51 +0100, Jim Meyering wrote:
>> Jim Meyering <jim at meyering.net> wrote:
>> > Here's a patch for the second memory overrun bug:
>> >
>> > linux.c: Avoid memory overrun. Handle 2048-byte logical sectors.
>> > * libparted/arch/linux.c (linux_read): Allocate the right amount of
>> > space for the (potentially 2048-byte-long) sectors we're about to read.
>>
>> Hmm..., I see that linux_write has the same problem:
>>
>> size_t write_length = count * dev->sector_size;
>> ...
>> if (posix_memalign(&diobuf, PED_SECTOR_SIZE_DEFAULT,
>> count * PED_SECTOR_SIZE_DEFAULT) != 0)
>> ...
>> status = write (arch_specific->fd, diobuf, write_length);
>>
>> another patch coming up...
>
> Sounds good, but I'd like the PED_ASSERT updated to use
> PED_SECTOR_SIZE_DEFAULT too. Or a PED_ASSERT added if we don't have
> one.
No problem, but I'll do all of them separately.
There are pretty many:

  Searching for 'sector_size.*%' finds 11 matches in 6 files.

This code is littered with such constants...
E.g., just saw this in aix.c:

    typedef struct {
            unsigned int   magic;        /* expect AIX_LABEL_MAGIC */
            unsigned int   fillbytes[127];
    } AixLabel;

That should be (PED_SECTOR_SIZE_DEFAULT / sizeof(int)) - 1,
not 127.

Plus, there's an assertion at the bottom of that file:

    PED_ASSERT (sizeof (AixLabel) == 512, return);
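
The size mismatch discussed in this thread, with one way to derive the allocation and the transfer length from the same product, as an added example that is not part of the original message or of parted's code. `SECTOR_SIZE_DEFAULT`, `Label`, `overrun_bytes` and `alloc_io_buf` are hypothetical stand-ins for the names in the thread, and the 2048-byte sample device is constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for posix_memalign */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR_SIZE_DEFAULT 512   /* stand-in for PED_SECTOR_SIZE_DEFAULT */

/* Label sized from the constant instead of a literal 127, checked at build time. */
typedef struct {
    unsigned int magic;
    unsigned int fillbytes[SECTOR_SIZE_DEFAULT / sizeof(unsigned int) - 1];
} Label;
_Static_assert(sizeof(Label) == SECTOR_SIZE_DEFAULT, "label must fill one sector");

/* Bytes a transfer of `count` sectors extends past a buffer that was sized
   with the 512-byte default rather than the device's sector size. */
size_t overrun_bytes(size_t count, size_t sector_size)
{
    size_t allocated = count * SECTOR_SIZE_DEFAULT;
    size_t used = count * sector_size;
    return used > allocated ? used - allocated : 0;
}

/* Aligned bounce buffer whose size and the later transfer length come from
   the same product. Returns NULL on overflow or allocation failure. */
void *alloc_io_buf(const void *src, size_t count, size_t sector_size, size_t *len)
{
    void *buf = NULL;
    if (count == 0 || sector_size == 0 || count > SIZE_MAX / sector_size)
        return NULL;
    *len = count * sector_size;
    if (posix_memalign(&buf, SECTOR_SIZE_DEFAULT, *len) != 0)
        return NULL;
    memcpy(buf, src, *len);
    return buf;
}

int main(void)
{
    static unsigned char data[4 * 2048];   /* constructed sample: 4 sectors of 2048 bytes */
    size_t len = 0;
    void *buf = alloc_io_buf(data, 4, 2048, &len);
    printf("default-sized buffer is short by %zu bytes; allocated %zu\n",
           overrun_bytes(4, 2048), buf ? len : (size_t)0);
    free(buf);
    return 0;
}
```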