[parted-devel] fix another memory overrun bug (this time in linux_write)
David Cantrell
dcantrell at redhat.com
Fri Mar 16 01:05:24 CET 2007
On Thu, 2007-03-15 at 21:00 -0300, Otavio Salvador wrote:
> Jim Meyering <jim at meyering.net> writes:
>
> > Here's an untested fix for libparted/arch/linux.c's linux_write.
> > The problem arises when writing with a logical sector size larger
> > than 512 (PED_SECTOR_SIZE_DEFAULT). It would allocate space
> > for count * PED_SECTOR_SIZE_DEFAULT bytes, and copy that many
> > bytes into the just-allocated buffer, but writing
> > "count * dev->sector_size" bytes from the same buffer would
> > use 1.5KB of uninitialized memory when sector_size is 2048.
> >
> > Another problem: if there were ever to be a partial write,
> > the while(1) loop termination test would never become true.
> >
> > Finally, to be a little cleaner, use ssize_t as the type
> > of the variable getting the write return val.
> >
> > From: Jim Meyering <jim at meyering.net>
>
> Ack. David, please check if you can apply it on 1.8.3 too since it's
> clearly a bugfix :-)
Yes, I was waiting on this fix for 1.8.3 from Jim. I have it applied
and am in the process of locating some test hardware at work so I can
make sure it works.
Same with the Hurd patch from Debarshi. Testing it tomorrow.
--
David Cantrell <dcantrell at redhat.com>
Red Hat / Westford, MA
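
The two defects described in the quoted report, as an added example that is not part of the original message and is not parted's code: one byte count derived from the real sector size is used for the allocation, the copy and the write, and the loop advances on each partial write until everything is written. The names write_sectors, short_write and demo are hypothetical; short_write is a constructed stand-in for write(2) that accepts at most 700 bytes per call.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for write(2): accepts at most 700 bytes per call. */
static unsigned char sink[16384];
static size_t sink_len;
static ssize_t short_write(const void *buf, size_t len)
{
    size_t n = len < 700 ? len : 700;
    if (sink_len + n > sizeof sink) return -1;
    memcpy(sink + sink_len, buf, n);
    sink_len += n;
    return (ssize_t)n;
}

/* Copy and write `count` sectors of `sector_size` bytes; 0 on success. */
int write_sectors(const void *data, size_t count, size_t sector_size)
{
    if (sector_size == 0 || count > SIZE_MAX / sector_size) return -1;
    size_t total = count * sector_size;   /* real sector size, not count * 512 */
    unsigned char *copy = malloc(total);  /* same size for malloc, copy, write */
    if (!copy) return -1;
    memcpy(copy, data, total);
    size_t done = 0;
    while (done < total) {                /* advances on every partial write */
        ssize_t n = short_write(copy + done, total - done);
        if (n <= 0) { free(copy); return -1; }
        done += (size_t)n;
    }
    free(copy);
    return 0;
}

/* Constructed case: 2 sectors of 2048 bytes; returns bytes delivered intact. */
long demo(void)
{
    unsigned char src[2 * 2048];
    for (size_t i = 0; i < sizeof src; i++) src[i] = (unsigned char)(i * 31);
    sink_len = 0;
    if (write_sectors(src, 2, 2048) != 0) return -1;
    return memcmp(sink, src, sizeof src) == 0 ? (long)sink_len : -1;
}

int main(void) { return demo() == 4096 ? 0 : 1; }
```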