Re: [PATCH] modpost: fix buffer overflow

From: Sam Ravnborg
Date: Wed Mar 15 2006 - 17:49:37 EST


On Wed, Mar 15, 2006 at 04:08:58PM +0100, Jiri Benc wrote:
> I got SIGABRT in modpost when compiling a module really deeply nested in
> a filesystem (path > 100 chars):
>
> > Building modules, stage 2.
> > MODPOST
> > *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size: 0x0809f588 ***
> > [...]
>
> This patch fixes that problem.
>
> Signed-off-by: Jiri Benc <jbenc@xxxxxxx>
>
> --- linux-2.6.16-rc6.orig/scripts/mod/modpost.c
> +++ linux-2.6.16-rc6/scripts/mod/modpost.c
> @@ -553,7 +553,8 @@ void __attribute__((format(printf, 2, 3)
> va_start(ap, fmt);
> len = vsnprintf(tmp, SZ, fmt, ap);
> if (buf->size - buf->pos < len + 1) {
> - buf->size += 128;
> + while (buf->size - buf->pos < len + 1)
> + buf->size += 128;
> buf->p = realloc(buf->p, buf->size);
> }
> strncpy(buf->p + buf->pos, tmp, len + 1);
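
Review bot: the result of realloc() after the new while loop is still assigned straight to buf->p with no NULL check, so an allocation failure loses the old buffer and the strncpy() that follows writes through a null pointer; assign to a temporary and bail out on failure. Separately, len comes from vsnprintf(tmp, SZ, fmt, ap), which returns the length the full output would have had, so for output longer than SZ the loop sizes the buffer for len + 1 while tmp holds at most SZ - 1 characters; clamp len or report the truncation. The loop itself could be a single rounding of buf->pos + len + 1 up to the next multiple of 128.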

Hi Jiri.

Can I ask you to make a new patch where you change buf_printf() to use
buf_write. And then change buf_write to allocate in chunks also.
This would be the cleanest solution.

Sam
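
The refactor requested above, sketched as an added example (not code from this thread or from the kernel tree): buf_write() grows the buffer in 128-byte chunks and buf_printf() formats into a scratch array and hands the bytes to it. The value of SZ, the CHUNK name, the size_t field types and the int return codes are assumptions; only the field names and the 128-byte step come from the patch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 128	/* growth step, the 128 used in the patch */
#define SZ 500		/* assumed scratch size; the thread does not show SZ */

struct buffer { char *p; size_t pos, size; };	/* field types assumed */

/* Append len bytes, growing to the next CHUNK multiple that fits them. */
static int buf_write(struct buffer *buf, const char *s, size_t len)
{
	if (len == 0)
		return 0;
	if (buf->size - buf->pos < len) {
		size_t size = (buf->pos + len + CHUNK - 1) / CHUNK * CHUNK;
		char *p = realloc(buf->p, size);
		if (!p)
			return -1;	/* old buffer is still valid */
		buf->p = p;
		buf->size = size;
	}
	memcpy(buf->p + buf->pos, s, len);
	buf->pos += len;
	return 0;
}

/* Format into a fixed scratch array, then let buf_write() do the sizing. */
static int buf_printf(struct buffer *buf, const char *fmt, ...)
{
	char tmp[SZ];
	va_list ap;
	int len;

	va_start(ap, fmt);
	len = vsnprintf(tmp, SZ, fmt, ap);
	va_end(ap);
	if (len < 0)
		return -1;
	if (len >= SZ)
		len = SZ - 1;	/* vsnprintf truncated; tmp holds SZ - 1 chars */
	return buf_write(buf, tmp, (size_t)len);
}

int main(void)
{
	struct buffer b = { 0 };
	buf_printf(&b, "%s\n", "/constructed/deeply/nested/module.ko");
	printf("pos=%zu size=%zu\n", b.pos, b.size);
	free(b.p);
	return 0;
}
```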