Commit 6305a0a9, author: Marcin Slusarz, committer: Jan Kara

udf: fix udf_build_ustr

udf_build_ustr was broken:

- size == 1:
    dest->u_len = ptr[1 - 1], but at ptr[0] there's cmpID,
    so we created string with wrong length
    it should not happen, so we BUG() it
- size > 1 and size < UDF_NAME_LEN:
    we set u_len correctly, but memcpy copied one needless byte
- size == UDF_NAME_LEN - 1:
    memcpy overwrote u_len - with correct value, but...
- size >= UDF_NAME_LEN:
    we copied UDF_NAME_LEN - 1 bytes, but dest->u_name is array
    of UDF_NAME_LEN - 2 bytes, so we were overwriting u_len with
    character from input string

nobody noticed because all callers set size
to acceptable values (constants within range)
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Parent 79cfe0ff
...@@ -48,14 +48,16 @@ int udf_build_ustr(struct ustr *dest, dstring *ptr, int size) ...@@ -48,14 +48,16 @@ int udf_build_ustr(struct ustr *dest, dstring *ptr, int size)
{ {
int usesize; int usesize;
if ((!dest) || (!ptr) || (!size)) if (!dest || !ptr || !size)
return -1; return -1;
BUG_ON(size < 2);
memset(dest, 0, sizeof(struct ustr)); usesize = min_t(size_t, ptr[size - 1], sizeof(dest->u_name));
usesize = (size > UDF_NAME_LEN) ? UDF_NAME_LEN : size; usesize = min(usesize, size - 2);
dest->u_cmpID = ptr[0]; dest->u_cmpID = ptr[0];
dest->u_len = ptr[size - 1]; dest->u_len = usesize;
memcpy(dest->u_name, ptr + 1, usesize - 1); memcpy(dest->u_name, ptr + 1, usesize);
memset(dest->u_name + usesize, 0, sizeof(dest->u_name) - usesize);
return 0; return 0;
} }
......
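Review bot: The size validation at the top of the function is inconsistent: `!size` returns -1 for size == 0, while the new `BUG_ON(size < 2)` panics for size == 1 and for any negative value, which passes the `!size` test because size is a signed int. The function already has an error return, so consider folding the bound into the existing check (`if (!dest || !ptr || size < 2) return -1;`) so that a bad size fails the call rather than halting the kernel, or drop `!size` if BUG_ON is the intended policy. A short comment saying that ptr[0] is the compression ID and ptr[size - 1] is the length byte would also make the two-step clamp of usesize (min_t against sizeof(dest->u_name), then min against size - 2) easier to verify, since usesize is an int while the first clamp is done as size_t.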