diff options
author | Sam Ravnborg <sam@ravnborg.org> | 2006-03-17 08:04:08 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-17 16:51:25 +0100 |
commit | 7670f023aabd976c25862e4c6fb9f6d9d2758153 (patch) | |
tree | 13c1c1fe41028f1f4752e10eef1a162b4f38c937 | |
parent | [PATCH] nfsservctl(): remove user-triggerable printk (diff) | |
download | linux-7670f023aabd976c25862e4c6fb9f6d9d2758153.tar.xz linux-7670f023aabd976c25862e4c6fb9f6d9d2758153.zip |
[PATCH] kbuild: fix buffer overflow in modpost
Jiri Benc <jbenc@suse.cz> reported that modpost would stop with SIGABRT if
used with long filepaths.
The error looked like:
> Building modules, stage 2.
> MODPOST
> *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size:
+0x0809f588 ***
> [...]
Fix this by allocating at least the required memory + SZ bytes each time.
Before we sometimes ended up allocating too little memory resuting in the
glibc detected bug above. Based on patch originally submitted by: Jiri
Benc <jbenc@suse.cz>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to '')
-rw-r--r-- | scripts/mod/modpost.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index f70ff13d4818..b8b2a560b26b 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const char *fmt, ...) va_start(ap, fmt); len = vsnprintf(tmp, SZ, fmt, ap); - if (buf->size - buf->pos < len + 1) { - buf->size += 128; - buf->p = realloc(buf->p, buf->size); - } - strncpy(buf->p + buf->pos, tmp, len + 1); - buf->pos += len; + buf_write(buf, tmp, len); va_end(ap); } @@ -521,7 +516,7 @@ void buf_write(struct buffer *buf, const char *s, int len) { if (buf->size - buf->pos < len) { - buf->size += len; + buf->size += len + SZ; buf->p = realloc(buf->p, buf->size); } strncpy(buf->p + buf->pos, s, len); |