On Fri, Apr 25, 2014 at 7:29 AM, Liu Bo <[email protected]> wrote: > Set string "xattr_name" 's end with '\0' so that it won't be > violated in memory. > > With this fix, xfstest/btrfs/048 can pass on my box. > > Signed-off-by: Liu Bo <[email protected]> > --- > props.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/props.c b/props.c > index 4d0aeea..53223a3 100644 > --- a/props.c > +++ b/props.c > @@ -135,6 +135,7 @@ static int prop_compression(enum prop_object_type type, > } > memcpy(xattr_name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN); > memcpy(xattr_name + XATTR_BTRFS_PREFIX_LEN, name, strlen(name)); > + xattr_name[XATTR_BTRFS_PREFIX_LEN + strlen(name)] = '\0';
Buffer overrun. You need to sum + 1 to the malloc argument above. Thanks Liu. > > if (value) > sret = fsetxattr(fd, xattr_name, value, strlen(value), 0); > -- > 1.8.2.1 > -- Filipe David Manana, "Reasonable men adapt themselves to the world. Unreasonable men adapt the world to themselves. That's why all progress depends on unreasonable men." -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
