On Fri, Apr 20, 2012 at 09:27:26PM +0200, Jim Meyering wrote: > From: Jim Meyering <meyer...@redhat.com> > > * mkfs.c (parse_size): ./mkfs.btrfs -A '' would read and possibly > write the byte before beginning of strdup'd heap buffer. All other > size-accepting options were similarly affected. > > Reviewed-by: Josef Bacik <jo...@redhat.com> > --- > cmds-subvolume.c | 2 +- > mkfs.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/cmds-subvolume.c b/cmds-subvolume.c > index fc749f1..a01c830 100644 > --- a/cmds-subvolume.c > +++ b/cmds-subvolume.c > @@ -380,7 +380,7 @@ static int cmd_snapshot(int argc, char **argv) > > args.fd = fd; > strncpy(args.name, newname, BTRFS_SUBVOL_NAME_MAX); ^ +1
> - args.name[BTRFS_PATH_NAME_MAX-1] = 0; > + args.name[BTRFS_SUBVOL_NAME_MAX-1] = 0; args.name[BTRFS_SUBVOL_NAME_MAX] = 0; > res = ioctl(fddst, BTRFS_IOC_SNAP_CREATE_V2, &args); > e = errno; > > diff --git a/mkfs.c b/mkfs.c > index 03239fb..4aff2fd 100644 > --- a/mkfs.c > +++ b/mkfs.c > @@ -63,7 +63,7 @@ static u64 parse_size(char *s) > > s = strdup(s); > > - if (!isdigit(s[len - 1])) { > + if (len && !isdigit(s[len - 1])) { I think I'd prefer that len is a size_t, not an int here. (Or that len is tested to be >0). > c = tolower(s[len - 1]); > switch (c) { > case 'g': Hugo. -- === Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk === PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk --- Your problem is that you've got too much taste to be --- a web developer.
signature.asc
Description: Digital signature