[parted-devel] memory overrun patch: libparted/arch/linux.c

David Cantrell dcantrell at redhat.com
Thu Mar 8 16:17:25 CET 2007


On Thu, 2007-03-08 at 16:14 +0100, Jim Meyering wrote:
> David Cantrell <dcantrell at redhat.com> wrote:
> 
> > On Thu, 2007-03-08 at 15:51 +0100, Jim Meyering wrote:
> >> Jim Meyering <jim at meyering.net> wrote:
> >> > Here's a patch for the second memory overrun bug:
> >> >
> >> > 	linux.c: Avoid memory overrun.  Handle 2048-byte logical sectors.
> >> > 	* libparted/arch/linux.c (linux_read): Allocate the right amount of
> >> > 	space for the (potentially 2048-byte-long) sectors we're about to read.
> >>
> >> Hmm..., I see that linux_write has the same problem:
> >>
> >>         size_t                  write_length = count * dev->sector_size;
> >>           ...
> >>                 if (posix_memalign(&diobuf, PED_SECTOR_SIZE_DEFAULT,
> >>                            count * PED_SECTOR_SIZE_DEFAULT) != 0)
> >>           ...
> >>           status = write (arch_specific->fd, diobuf, write_length);
> >>
> >> another patch coming up...
> >
> > Sounds good, but I'd like the PED_ASSERT updated to use
> > PED_SECTOR_SIZE_DEFAULT too.  Or a PED_ASSERT added if we don't have
> > one.
> 
> No problem, but I'll do all of them separately.
> There are pretty many:
> Searching for 'sector_size.*%' finds 11 matches in 6 files.

Yeah, separate patches == good.

> This code is littered with such constants...
> E.g., just saw this in aix.c:
> 
> typedef struct {
> 	unsigned int   magic;        /* expect AIX_LABEL_MAGIC */
> 	unsigned int   fillbytes[127];
> } AixLabel;
> 
> That should be (PED_SECTOR_SIZE_DEFAULT / sizeof(int)) - 1,
> not 127.

Correct.

> Plus, there's an assertion at the bottom of that file:
> 
> 	PED_ASSERT (sizeof (AixLabel) == 512, return);

aix.c is not a stellar coding example.  I think it was written out of
necessity in a hurry.  :)

-- 
David Cantrell <dcantrell at redhat.com>
Red Hat / Westford, MA
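
An added example, not part of the original message and not parted's code: it shows the size mismatch quoted above for linux_write (buffer sized with the 512-byte default, transfer length sized with the device's sector size) beside a version that derives both from one checked length. `buggy_alloc_len`, `io_length` and `alloc_dio_buffer` are hypothetical names, and `SECTOR_SIZE_DEFAULT` stands in for `PED_SECTOR_SIZE_DEFAULT`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for posix_memalign */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR_SIZE_DEFAULT 512   /* stands in for PED_SECTOR_SIZE_DEFAULT */

/* What the quoted code allocates: always count * 512. */
size_t buggy_alloc_len(size_t count) { return count * SECTOR_SIZE_DEFAULT; }

/* Transfer length for the device's real sector size.
 * Returns 0 on success, -1 on an unusable sector size or size_t overflow. */
int io_length(size_t count, size_t sector_size, size_t *len)
{
    if (sector_size < SECTOR_SIZE_DEFAULT || (sector_size & (sector_size - 1)))
        return -1;                      /* must be a power of two >= 512 */
    if (count == 0 || count > SIZE_MAX / sector_size)
        return -1;                      /* empty or overflowing request */
    *len = count * sector_size;
    return 0;
}

/* Hypothetical helper: aligned bounce buffer sized from the same length
 * that the later write() would use, so the two can never disagree. */
void *alloc_dio_buffer(const void *src, size_t count, size_t sector_size,
                       size_t *len)
{
    void *buf = NULL;
    if (io_length(count, sector_size, len) != 0)
        return NULL;
    if (posix_memalign(&buf, sector_size, *len) != 0)
        return NULL;
    memcpy(buf, src, *len);             /* fits: buf holds exactly *len bytes */
    return buf;
}

int main(void)
{
    static unsigned char data[4 * 2048];   /* constructed sample input */
    size_t len = 0;
    void *buf = alloc_dio_buffer(data, 4, 2048, &len);
    printf("buggy alloc: %zu bytes, transfer: %zu bytes\n",
           buggy_alloc_len(4), len);
    free(buf);
    return buf ? 0 : 1;
}
```

With 2048-byte sectors and count = 4, the quoted pattern allocates 2048 bytes and then transfers 8192, which is the overrun the thread is about.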