Contents of /genpatches-2.6/trunk/2.6.14/1491_16.Q_kbuild-modpost-overflow-fix.patch

Revision 336
Mon Mar 20 15:24:17 2006 UTC (14 years, 8 months ago) by johnm
File MIME type: text/x-diff
File size: 1687 byte(s)
Pushing race and overflow fix to svn
1 diff-tree 7670f023aabd976c25862e4c6fb9f6d9d2758153 (from 85c6932ef0c7a82c309f8728ddf29768001d794e)
2 Author: Sam Ravnborg <sam@ravnborg.org>
3 Date: Thu Mar 16 23:04:08 2006 -0800
4
5 [PATCH] kbuild: fix buffer overflow in modpost
6
7 Jiri Benc <jbenc@suse.cz> reported that modpost would stop with SIGABRT if
8 used with long filepaths.
9 The error looked like:
10 > Building modules, stage 2.
11 > MODPOST
12 > *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size:
13 +0x0809f588 ***
14 > [...]
15
16 Fix this by allocating at least the required memory + SZ bytes each time.
17 Before we sometimes ended up allocating too little memory resulting in the
18 glibc detected bug above. Based on patch originally submitted by: Jiri
19 Benc <jbenc@suse.cz>
20
21 Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
22 Signed-off-by: Andrew Morton <akpm@osdl.org>
23 Signed-off-by: Linus Torvalds <torvalds@osdl.org>
24
25 diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
26 index f70ff13..b8b2a56 100644
27 --- a/scripts/mod/modpost.c
28 +++ b/scripts/mod/modpost.c
29 @@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const cha
30
31 va_start(ap, fmt);
32 len = vsnprintf(tmp, SZ, fmt, ap);
33 - if (buf->size - buf->pos < len + 1) {
34 - buf->size += 128;
35 - buf->p = realloc(buf->p, buf->size);
36 - }
37 - strncpy(buf->p + buf->pos, tmp, len + 1);
38 - buf->pos += len;
39 + buf_write(buf, tmp, len);
40 va_end(ap);
41 }
42
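Review bot: the return value of `vsnprintf(tmp, SZ, fmt, ap)` is handed to buf_write() as the length with no range check. vsnprintf returns the length the complete output would have had, so for formatted output of SZ bytes or more, len is larger than what was stored in tmp, and it is negative on an output error. Because buf_write() copies with strncpy(..., s, len), the excess would be written as NUL padding instead of text. Suggest rejecting len < 0 and clamping len to SZ - 1 (or reporting the truncation) before `buf_write(buf, tmp, len);`. Separately, the removed code copied len + 1 bytes, terminator included, while the new call copies len, so buf->p is no longer NUL-terminated after buf_printf(); a short comment would help if callers are expected to rely on the length only.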
43 @@ -521,7 +516,7 @@ void
44 buf_write(struct buffer *buf, const char *s, int len)
45 {
46 if (buf->size - buf->pos < len) {
47 - buf->size += len;
48 + buf->size += len + SZ;
49 buf->p = realloc(buf->p, buf->size);
50 }
51 strncpy(buf->p + buf->pos, s, len);
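Review bot: the context line `buf->p = realloc(buf->p, buf->size);` directly after the changed line still assigns the realloc() result straight to buf->p with no NULL check, so an allocation failure loses the old block and the strncpy() that follows writes through a NULL-based pointer. Suggest a temporary pointer and a fatal error on failure. The `+ SZ` slack also deserves a one-line comment: when the condition is true, the `len` term alone already makes room for this write, and the extra SZ only reduces how often realloc() is called. Note too that len is an int and is not checked for a negative value before it enters the size arithmetic.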
