If there's is a long name directory exists in the /dev, then an
overflow will hit in function utils.c btrfs_scan_one_dir:1013!
The minimal fix is to use snprintf instead of strcpy.
The reason why not using strncpy is that, if there is no null byte
among the first n bytes of src, the string placed in dest
will not be null - terminated.
Signed-off-by: Rock Lee <zimilo@xxxxxxxxxxxxxx>
---
utils.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/utils.c b/utils.c
index 3c88d2e..7200aef 100644
--- a/utils.c
+++ b/utils.c
@@ -969,7 +969,7 @@ int btrfs_scan_one_dir(char *dirname, int run_ioctl)
pending = malloc(sizeof(*pending));
if (!pending)
return -ENOMEM;
- strcpy(pending->name, dirname);
+ snprintf(pending->name, sizeof(pending->name), "%s", dirname);
again:
dirname_len = strlen(pending->name);
@@ -1010,7 +1010,8 @@ again:
ret = -ENOMEM;
goto fail;
}
- strcpy(next->name, fullpath);
+ snprintf(next->name, sizeof(next->name),
+ "%s", fullpath);
list_add_tail(&next->list, &pending_list);
}
if (!S_ISBLK(st.st_mode)) {
--
1.7.7.6
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
