Re: [parted-devel] aix.c: Avoid memory overrun. Don't assume logical sector size <= 512B

Thu, 08 Mar 2007 07:11:41 -0800 

On Thu, 2007-03-08 at 15:43 +0100, Jim Meyering wrote:
> Here's a fix for the first memory overrun bug I found:
> 
>       aix.c: Avoid memory overrun.  Don't assume logical sector size <= 512B
>       * libparted/labels/aix.c (aix_probe): Return 0 if the
>       sector size is larger than our AixLabel size.
>       (aix_clobber): Rather than PED_ASSERT'ing that aix_probe returns 1,
>       simply return 0 if aix_probe returns fails.
> 
> diff --git a/libparted/labels/aix.c b/libparted/labels/aix.c
> index a16ead4..9e2a7bb 100644
> --- a/libparted/labels/aix.c
> +++ b/libparted/labels/aix.c
> @@ -48,6 +48,8 @@ aix_probe (const PedDevice *dev)
>       AixLabel        label;
> 
>       PED_ASSERT (dev != NULL, return 0);
> +     if (sizeof (AixLabel) < dev->sector_size)
> +             return 0;
> 
>       if (!ped_device_read (dev, &label, 0, 1))
>               return 0;
> @@ -65,7 +67,8 @@ aix_clobber (PedDevice* dev)
>       AixLabel label;
> 
>       PED_ASSERT (dev != NULL, return 0);
> -     PED_ASSERT (aix_probe (dev), return 0);
> +     if (!aix_probe (dev))
> +             return 0;
> 
>       if (!ped_device_read (dev, &label, 0, 1))
>               return 0;
> -----------------------------------------------
> 
> The above is similar to what's done in dos.c's msdos_probe:
> 
>         if (dev->sector_size != 512)
>                 return 0;
> 
> Is it possible to have a DOS or AIX partition on a CDROM with 2048-byte
> logical sectors?  (I have no idea)  If so, then it might make sense to

DOS, yes.  AIX...no clue.

> do what rdb.c's amiga_probe does:
> 
>       if ((rdb=RDSK(ped_malloc(dev->sector_size)))==NULL)
>               return 0;
> 
> i.e., rather than simply returning when dev->sector_size is too large
> or != 512, just allocate a buffer of the required size and use that,
> rather than using the fixed-size one on the stack.

I like the approach of allocating the required buffer size instead of
using fixed-size buffers.

Either solution is fine, but I would prefer we go with the ped_malloc()
approach that's used in amiga_probe so we are consistent throughout
libparted.

-- 
David Cantrell <[EMAIL PROTECTED]>
Red Hat / Westford, MA

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
parted-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/parted-devel

Reply via email to