Hi Andreas,

On Friday 05 of February 2010 09:48:00 Andreas Dilger wrote:
> If the on-disk nanoseconds count happens to exceed 999,999,999 then
> code_ns_fraction() will overflow the 9-character array and segfault.
> While this shouldn't happen normally, it can happen due to corruption
> of the on-disk data.  If the ns field is larger than 999,999,999
> truncate it to this value

thanks for bringing the patch here.  I am attaching our version of the same
patch.  It tries to count the overflowed ns into the seconds part and ignores
any negative value of ns, which can cause SIGSEGV as well.  In fact I am not
sure whether such a situation can really happen; I have tested it only with a debugger.

As for the tar-1.22-xheader-leak.patch you posted off-list today, we have
the same patch in Fedora; I have not yet looked at whether it has reached this mailing
list or not.  I am also going to review the new version of the xattr/lustre
patches soon.

Kamil
diff --git a/src/misc.c b/src/misc.c
index 951449e..2b24a60 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -255,8 +255,20 @@ code_timespec (struct timespec t, char sbuf[TIMESPEC_STRSIZE_BOUND])
   time_t s = t.tv_sec;
   int ns = t.tv_nsec;
   char *np;
-  bool negative = s < 0;
+  bool negative;
 
+  /* ignore any negative ns value */
+  if (ns < 0)
+    ns = 0;
+
+  /* ensure (ns < BILLION) to avoid a SIGSEGV within code_ns_fraction () */
+  if (BILLION <= ns)
+    {
+      s += ns / BILLION;
+      ns %= BILLION;
+    }
+
+  negative = s < 0;
   if (negative && ns != 0)
     {
       s++;
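Review bot: the carry at `s += ns / BILLION;` only sees values that survived the narrowing on the unchanged line `int ns = t.tv_nsec;` above it. `tv_nsec` is a `long`, so on LP64 a corrupted count above INT_MAX wraps to a negative `int` and is then zeroed by the new `if (ns < 0)` branch instead of being carried into `s`; declaring `ns` as `long` (or clamping `t.tv_nsec` before the conversion) would let both branches operate on the original value. Both branches also normalize silently, so a corrupt on-disk timestamp leaves no trace in the output; the crash is avoided either way, but a warning at the point where the value is adjusted would make the corruption visible to the user.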

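The normalization the patch performs, written out as a stand-alone helper with a bounded formatter, is added here as an illustration and is not tar's code. It goes a little beyond the hunk: it keeps the nanosecond field as a `long` so no narrowing happens before the range check, it borrows from the seconds field for negative values instead of discarding them, and it reports whether an adjustment was needed so the caller can warn about a corrupt timestamp. `normalize_timespec`, `format_timespec` and `BILLION` are names chosen for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define BILLION 1000000000L

/* Example helper (not tar's): bring a timespec into canonical form,
   0 <= tv_nsec < BILLION, by carrying whole seconds into tv_sec.
   Negative tv_nsec borrows from tv_sec rather than being dropped.
   Returns true when the input had to be adjusted, so a caller can
   report the corrupt on-disk value instead of silently repairing it. */
bool normalize_timespec (struct timespec *t)
{
  if (t->tv_nsec >= 0 && t->tv_nsec < BILLION)
    return false;

  long carry = t->tv_nsec / BILLION;   /* whole seconds hidden in ns */
  long rem = t->tv_nsec % BILLION;     /* C99: same sign as tv_nsec   */
  if (rem < 0)
    {
      rem += BILLION;                  /* borrow one second           */
      carry -= 1;
    }
  t->tv_sec += carry;
  t->tv_nsec = rem;
  return true;
}

/* Format as "<sec>.<9-digit ns>" into a caller-supplied buffer.
   The output is length-checked, so even a bad input cannot overrun
   the buffer. Returns the number of characters written, or -1 when
   the buffer is too small. */
int format_timespec (struct timespec t, char *buf, size_t bufsize)
{
  normalize_timespec (&t);
  int n = snprintf (buf, bufsize, "%lld.%09ld",
                    (long long) t.tv_sec, t.tv_nsec);
  if (n < 0 || (size_t) n >= bufsize)
    return -1;
  return n;
}

int main (void)
{
  /* Constructed inputs: an overflowed and a negative ns field. */
  struct timespec over = { 3, 1500000000L };
  struct timespec neg = { 5, -1 };
  char buf[32];

  if (normalize_timespec (&over))
    printf ("adjusted: %lld.%09ld\n", (long long) over.tv_sec, over.tv_nsec);
  if (normalize_timespec (&neg))
    printf ("adjusted: %lld.%09ld\n", (long long) neg.tv_sec, neg.tv_nsec);
  if (format_timespec ((struct timespec) { 3, 1500000000L }, buf, sizeof buf) > 0)
    printf ("formatted: %s\n", buf);
  return 0;
}
```

The separate return value from `normalize_timespec` is the point of the design: the crash fix and the diagnostic are decoupled, so the formatter is safe regardless of what the caller does with the report.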