[parted-devel] fix another memory overrun bug (this time in linux_write)

Otavio Salvador otavio at debian.org
Fri Mar 16 01:00:45 CET 2007


Jim Meyering <jim at meyering.net> writes:

> Here's an untested fix for libparted/arch/linux.c's linux_write.
> The problem arises when writing with a logical sector size larger
> than 512 (PED_SECTOR_SIZE_DEFAULT).  It would allocate space
> for count * PED_SECTOR_SIZE_DEFAULT bytes, and copy that many
> bytes into the just-allocated buffer, but writing
> "count * dev->sector_size" bytes from the same buffer would
> use 1.5KB of uninitialized memory when sector_size is 2048.
>
> Another problem: if there were ever to be a partial write,
> the while(1) loop termination test would never become true.
>
> Finally, to be a little cleaner, use ssize_t as the type
> of the variable getting the write return val.
>
> From: Jim Meyering <jim at meyering.net>

Ack. David, please check if you can apply it on 1.8.3 too since it's
clearly a bugfix :-)

-- 
        O T A V I O    S A L V A D O R
---------------------------------------------
 E-mail: otavio at debian.org      UIN: 5906116
 GNU/Linux User: 239058     GPG ID: 49A5F855
 Home Page: http://otavio.ossystems.com.br
---------------------------------------------
"Microsoft sells you Windows ... Linux gives
 you the whole house."
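
The three points in the quoted message, shown as an added example that is not part of this thread, not Jim Meyering's patch and not parted's code: the transfer is sized by the device's sector size, the loop advances on a partial write, and the return value of write() is held in an ssize_t. The names `write_sectors` and `roundtrip_ok` are hypothetical, and the test data is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not parted's linux_write: write `count` logical
 * sectors of `sector_size` bytes each from `buf`. Returns 0 or -1. */
int write_sectors(int fd, const void *buf, size_t count, size_t sector_size)
{
    /* Size the transfer by the device's sector size, never a fixed 512,
     * and reject a product that would wrap around. */
    if (sector_size == 0 || count > SIZE_MAX / sector_size)
        return -1;
    size_t left = count * sector_size;
    const char *p = buf;

    while (left > 0) {
        ssize_t n = write(fd, p, left);  /* signed: -1 on error, may be short */
        if (n < 0 && errno == EINTR)
            continue;                    /* interrupted before any byte: retry */
        if (n <= 0)
            return -1;                   /* hard error or no progress */
        p += n;                          /* resume after the bytes accepted */
        left -= (size_t)n;
    }
    return 0;
}

/* Constructed self-check: 3 sectors of 2048 bytes through a pipe;
 * returns 1 when all 6144 bytes come back identical. */
int roundtrip_ok(void)
{
    enum { COUNT = 3, SECTOR = 2048, TOTAL = COUNT * SECTOR };
    static char out[TOTAL], in[TOTAL];
    int fds[2];
    if (pipe(fds) != 0)
        return 0;
    memset(out, 0xA5, TOTAL);
    int ok = write_sectors(fds[1], out, COUNT, SECTOR) == 0
          && read(fds[0], in, TOTAL) == TOTAL
          && memcmp(out, in, TOTAL) == 0;
    close(fds[0]);
    close(fds[1]);
    return ok;
}

int main(void) { return roundtrip_ok() ? 0 : 1; }
```

The caller's buffer must hold at least `count * sector_size` bytes; a buffer sized with a fixed 512-byte sector is too small whenever the device reports a larger sector.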
