On Fri, Apr 20, 2012 at 09:27:26PM +0200, Jim Meyering wrote:
> From: Jim Meyering <meyering@xxxxxxxxxx>
>
> * mkfs.c (parse_size): ./mkfs.btrfs -A '' would read and possibly
> write the byte before beginning of strdup'd heap buffer. All other
> size-accepting options were similarly affected.
>
> Reviewed-by: Josef Bacik <josef@xxxxxxxxxx>
> ---
> cmds-subvolume.c | 2 +-
> mkfs.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/cmds-subvolume.c b/cmds-subvolume.c
> index fc749f1..a01c830 100644
> --- a/cmds-subvolume.c
> +++ b/cmds-subvolume.c
> @@ -380,7 +380,7 @@ static int cmd_snapshot(int argc, char **argv)
>
> args.fd = fd;
> strncpy(args.name, newname, BTRFS_SUBVOL_NAME_MAX);
^ +1
> - args.name[BTRFS_PATH_NAME_MAX-1] = 0;
> + args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0;
args.name[BTRFS_SUBVOL_NAME_MAX] = 0;
> res = ioctl(fddst, BTRFS_IOC_SNAP_CREATE_V2, &args);
> e = errno;
>
> diff --git a/mkfs.c b/mkfs.c
> index 03239fb..4aff2fd 100644
> --- a/mkfs.c
> +++ b/mkfs.c
> @@ -63,7 +63,7 @@ static u64 parse_size(char *s)
>
> s = strdup(s);
>
> - if (!isdigit(s[len - 1])) {
> + if (len && !isdigit(s[len - 1])) {
I think I'd prefer that len is a size_t, not an int here. (Or that
len is tested to be >0).
> c = tolower(s[len - 1]);
> switch (c) {
> case 'g':
Hugo.
--
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
--- Your problem is that you've got too much taste to be ---
a web developer.
Attachment:
signature.asc
Description: Digital signature
