Set string "xattr_name" 's end with '\0' so that it won't be violated in memory.
With this fix, xfstest/btrfs/048 can pass on my box. Signed-off-by: Liu Bo <[email protected]> --- v2: avoid buffer overflow of malloc(). props.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/props.c b/props.c index 9ff63ca..cc87454 100644 --- a/props.c +++ b/props.c @@ -131,13 +131,14 @@ static int prop_compression(enum prop_object_type type, goto out; } - xattr_name = malloc(XATTR_BTRFS_PREFIX_LEN + strlen(name)); + xattr_name = malloc(XATTR_BTRFS_PREFIX_LEN + strlen(name) + 1); if (!xattr_name) { ret = -ENOMEM; goto out; } memcpy(xattr_name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN); memcpy(xattr_name + XATTR_BTRFS_PREFIX_LEN, name, strlen(name)); + xattr_name[XATTR_BTRFS_PREFIX_LEN + strlen(name)] = '\0'; if (value) sret = fsetxattr(fd, xattr_name, value, strlen(value), 0); -- 1.7.7 -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
