If a directory with a long name exists in /dev, then an overflow will hit in function utils.c btrfs_scan_one_dir:1013!
The minimal fix is to use snprintf instead of strcpy. The reason for not using strncpy is that, if there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated. Signed-off-by: Rock Lee <[email protected]> --- utils.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/utils.c b/utils.c index 3c88d2e..7200aef 100644 --- a/utils.c +++ b/utils.c @@ -969,7 +969,7 @@ int btrfs_scan_one_dir(char *dirname, int run_ioctl) pending = malloc(sizeof(*pending)); if (!pending) return -ENOMEM; - strcpy(pending->name, dirname); + snprintf(pending->name, sizeof(pending->name), "%s", dirname); again: dirname_len = strlen(pending->name); @@ -1010,7 +1010,8 @@ again: ret = -ENOMEM; goto fail; } - strcpy(next->name, fullpath); + snprintf(next->name, sizeof(next->name), + "%s", fullpath); list_add_tail(&next->list, &pending_list); } if (!S_ISBLK(st.st_mode)) { -- 1.7.7.6
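Review bot: In the first hunk, the snprintf() into pending->name discards its return value, so a dirname longer than the buffer is silently truncated and the scan carries on with a shortened path that may name a different directory. Compare the result against sizeof(pending->name) and, when it is greater than or equal, free pending and return an error such as -ENAMETOOLONG. Note also that sizeof(pending->name) is the right bound only if name is an array member rather than a pointer; the struct definition is not part of this diff, so the commit message should state the buffer's declared size.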
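Review bot: In the second hunk, the copy of fullpath into next->name has the same unchecked truncation, and here the shortened string is queued with list_add_tail() onto pending_list for a later pass. Test the snprintf() return value before list_add_tail(); on overflow, release next and either skip the entry or set ret and goto fail, as the allocation-failure branch just above does. The diff does not show how fullpath itself is filled, so that buffer needs the same bounded formatting if it is built with an unbounded copy.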
