From patchwork Wed Oct 12 01:02:21 2011 X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 119089 Date: Tue, 11 Oct 2011 18:02:21 -0700
From: "Darrick J. Wong" To: "Theodore Ts'o" Cc: linux-ext4 Subject: [PATCH] debugfs: Fix sprintf stack overflow Message-ID: <20111012010221.GN12447@tux1.beaverton.ibm.com> Reply-To: djwong@us.ibm.com MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.17+20080114 (2008-01-14) x-cbid: 11101201-1780-0000-0000-0000002E0502 Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org The htree dump code overflows a char buffer if the directory has a long filename because the buffer is not large enough to hold the characters that are not part of the filename. Make the buffer larger and use snprintf instead. Signed-off-by: Darrick J. Wong Reviewed-by: Eric Sandeen --- debugfs/htree.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/debugfs/htree.c b/debugfs/htree.c index 06e7737..05745eb 100644 --- a/debugfs/htree.c +++ b/debugfs/htree.c @@ -39,7 +39,7 @@ static void htree_dump_leaf_node(ext2_filsys fs, ext2_ino_t ino, int thislen, col = 0; unsigned int offset = 0; char name[EXT2_NAME_LEN + 1]; - char tmp[EXT2_NAME_LEN + 16]; + char tmp[EXT2_NAME_LEN + 64]; blk64_t pblk; ext2_dirhash_t hash, minor_hash; unsigned int rec_len; @@ -91,8 +91,8 @@ static void htree_dump_leaf_node(ext2_filsys fs, ext2_ino_t ino, if (errcode) com_err("htree_dump_leaf_node", errcode, "while calculating hash"); - sprintf(tmp, "%u 0x%08x-%08x (%d) %s ", dirent->inode, - hash, minor_hash, rec_len, name); + snprintf(tmp, EXT2_NAME_LEN + 64, "%u 0x%08x-%08x (%d) %s ", + dirent->inode, hash, minor_hash, rec_len, name); thislen = strlen(tmp); if (col + thislen > 80) { fprintf(pager, "\n");
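Review bot: The 64 in "char tmp[EXT2_NAME_LEN + 64];" (first hunk) is an unexplained constant, and the old 16 shows how easily this bound is underestimated. Please add a comment deriving it from the format string "%u 0x%08x-%08x (%d) %s ": assuming 32-bit int, the non-name part is at most 10 + 8 + 8 + 11 digits plus 9 literal characters plus the terminating NUL, about 47 bytes, so 64 is enough but only by that reasoning. A named constant for the overhead would keep the declaration self-documenting if the format ever gains a field.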
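Review bot: In the second hunk the snprintf call repeats the buffer size as a literal expression, "snprintf(tmp, EXT2_NAME_LEN + 64, ...", so the bound and the declaration of tmp can drift apart on a later edit; prefer sizeof(tmp), since tmp is a local array. Two smaller points on the same call: the return value is ignored, so a truncated entry would be printed silently (thislen = strlen(tmp) stays correct, but the output line would be cut short), and rec_len is declared "unsigned int" yet formatted with %d, which should be %u.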