Set string "xattr_name" 's end with '\0' so that it won't be
violated in memory.
With this fix, xfstest/btrfs/048 can pass on my box.
Signed-off-by: Liu Bo <bo.li.liu@xxxxxxxxxx>
---
v2: avoid buffer overflow of malloc().
props.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/props.c b/props.c
index 9ff63ca..cc87454 100644
--- a/props.c
+++ b/props.c
@@ -131,13 +131,14 @@ static int prop_compression(enum prop_object_type type,
goto out;
}
- xattr_name = malloc(XATTR_BTRFS_PREFIX_LEN + strlen(name));
+ xattr_name = malloc(XATTR_BTRFS_PREFIX_LEN + strlen(name) + 1);
if (!xattr_name) {
ret = -ENOMEM;
goto out;
}
memcpy(xattr_name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN);
memcpy(xattr_name + XATTR_BTRFS_PREFIX_LEN, name, strlen(name));
+ xattr_name[XATTR_BTRFS_PREFIX_LEN + strlen(name)] = '\0';
if (value)
sret = fsetxattr(fd, xattr_name, value, strlen(value), 0);
--
1.7.7
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
