Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/ufs/lfs Fix glaringly stupid overflow/sizing bug in -r1....
details: https://anonhg.NetBSD.org/src/rev/89f25f09efb1
branches: trunk
changeset: 340619:89f25f09efb1
user: dholland <dholland%NetBSD.org@localhost>
date: Sun Sep 20 04:50:58 2015 +0000
description:
Fix glaringly stupid overflow/sizing bug in -r1.25. The part I don't
get is how it passed testing...
diffstat:
sys/ufs/lfs/lfs_accessors.h | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diffs (28 lines):
diff -r d369de600f1f -r 89f25f09efb1 sys/ufs/lfs/lfs_accessors.h
--- a/sys/ufs/lfs/lfs_accessors.h Sun Sep 20 00:35:14 2015 +0000
+++ b/sys/ufs/lfs/lfs_accessors.h Sun Sep 20 04:50:58 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lfs_accessors.h,v 1.27 2015/09/15 15:02:25 dholland Exp $ */
+/* $NetBSD: lfs_accessors.h,v 1.28 2015/09/20 04:50:58 dholland Exp $ */
/* from NetBSD: lfs.h,v 1.165 2015/07/24 06:59:32 dholland Exp */
/* from NetBSD: dinode.h,v 1.22 2013/01/22 09:39:18 dholland Exp */
@@ -317,11 +317,16 @@
lfs_copydirname(STRUCT_LFS *fs, char *dest, const char *src,
unsigned namlen, unsigned reclen)
{
+ unsigned spacelen;
+
+ KASSERT(reclen > sizeof(struct lfs_dirheader));
+ spacelen = reclen - sizeof(struct lfs_dirheader);
+
/* must always be at least 1 byte as a null terminator */
- KASSERT(reclen > namlen);
+ KASSERT(spacelen > namlen);
memcpy(dest, src, namlen);
- memset(dest + namlen, '\0', reclen - namlen);
+ memset(dest + namlen, '\0', spacelen - namlen);
}
/*
Home |
Main Index |
Thread Index |
Old Index