[parted-devel] fix another memory overrun bug (this time in linux_write)

David Cantrell dcantrell at redhat.com
Fri Mar 16 01:05:24 CET 2007


On Thu, 2007-03-15 at 21:00 -0300, Otavio Salvador wrote:
> Jim Meyering <jim at meyering.net> writes:
> 
> > Here's an untested fix for libparted/arch/linux.c's linux_write.
> > The problem arises when writing with a logical sector size larger
> > than 512 (PED_SECTOR_SIZE_DEFAULT).  It would allocate space
> > for count * PED_SECTOR_SIZE_DEFAULT bytes, and copy that many
> > bytes into the just-allocated buffer, but writing
> > "count * dev->sector_size" bytes from the same buffer would
> > use 1.5KB of uninitialized memory when sector_size is 2048.
> >
> > Another problem: if there were ever to be a partial write,
> > the while(1) loop termination test would never become true.
> >
> > Finally, to be a little cleaner, use ssize_t as the type
> > of the variable getting the write return val.
> >
> > From: Jim Meyering <jim at meyering.net>
> 
> Ack. David, please check if you can apply it on 1.8.3 too since it's
> clearly a bugfix :-)

Yes, I was waiting on this fix for 1.8.3 from Jim.  I have it applied
and am in the process of locating some test hardware at work so I can
make sure it works.

Same with the Hurd patch from Debarshi.  Testing it tomorrow.

-- 
David Cantrell <dcantrell at redhat.com>
Red Hat / Westford, MA
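
The two points in the quoted description (deriving the byte length from the device's sector size, and a write loop that terminates on partial writes), shown as an added example that is not part of the original message and is not parted's code. `write_fn`, `short_write`, `write_all` and `write_sectors` are hypothetical names, and the 700-byte writer and zero-filled buffer are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not parted's linux_write. */
typedef ssize_t (*write_fn)(int fd, const void *buf, size_t len);

/* Constructed stand-in for a device that takes at most 700 bytes per call. */
static ssize_t short_write(int fd, const void *buf, size_t len)
{
    return write(fd, buf, len > 700 ? 700 : len);
}

/* Write exactly len bytes, advancing past partial writes; 0 on success, -1 on error. */
static int write_all(write_fn wr, int fd, const void *buf, size_t len)
{
    const unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = wr(fd, p, len);            /* signed: -1 on error, may be short */
        if (n < 0 && errno == EINTR)
            continue;                          /* interrupted before any data: retry */
        if (n <= 0)
            return -1;                         /* error or no progress: stop, don't spin */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* The length written is count * sector_size, the same product the caller
 * must use to size and fill buf; a fixed 512 here is the bug described above. */
static int write_sectors(write_fn wr, int fd, const void *buf,
                         size_t count, size_t sector_size)
{
    if (sector_size == 0 || count > SIZE_MAX / sector_size)
        return -1;                             /* reject zero size and overflow */
    return write_all(wr, fd, buf, count * sector_size);
}

int main(void)
{
    static unsigned char buf[3 * 2048];        /* constructed: 3 sectors of 2048 bytes */
    FILE *f = tmpfile();
    if (!f || write_sectors(short_write, fileno(f), buf, 3, 2048) != 0)
        return 1;
    printf("%ld bytes written\n", (long)lseek(fileno(f), 0, SEEK_CUR));
    return 0;
}
```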