Blame SOURCES/kexec-tools-2.0.15-makedumpfile-Fix-array-index-out-of-bound-exception.patch

26a7a5
From e5f96e79d69a1d295f19130da00ec6514d28a8ae Mon Sep 17 00:00:00 2001
26a7a5
From: Lianbo Jiang <lijiang@redhat.com>
26a7a5
Date: Tue, 6 Mar 2018 19:07:00 +0900
26a7a5
Subject: [PATCH] Fix array index out of bound exception
26a7a5
26a7a5
A data overflow may lead to a reversal, which may turn a positive
26a7a5
number into a large negative number, in this case, the string's
26a7a5
length will exceed the array size(for example, eta: -2147483648s),
26a7a5
here the array size is defined 16 characters. So, it is nessasary
26a7a5
to consider some exceptions.
26a7a5
26a7a5
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
26a7a5
---
26a7a5
 print_info.c | 21 +++++++++++++--------
26a7a5
 1 file changed, 13 insertions(+), 8 deletions(-)
26a7a5
26a7a5
diff --git a/makedumpfile-1.6.2/print_info.c b/makedumpfile-1.6.2/print_info.c
26a7a5
index e0e6a27..09e215a 100644
26a7a5
--- a/makedumpfile-1.6.2/print_info.c
26a7a5
+++ b/makedumpfile-1.6.2/print_info.c
26a7a5
@@ -16,6 +16,8 @@
26a7a5
 #include "print_info.h"
26a7a5
 #include <time.h>
26a7a5
 #include <string.h>
26a7a5
+#include <stdint.h>
26a7a5
+#include <inttypes.h>
26a7a5
 
26a7a5
 #define PROGRESS_MAXLEN		"50"
26a7a5
 
26a7a5
@@ -352,18 +354,21 @@ static void calc_delta(struct timeval *tv_start, struct timeval *delta)
26a7a5
 }
26a7a5
 
26a7a5
 /* produce less than 12 bytes on msg */
26a7a5
-static int eta_to_human_short (int secs, char* msg)
26a7a5
+static int eta_to_human_short (int64_t secs, char* msg, int maxsize)
26a7a5
 {
26a7a5
 	strcpy(msg, "eta: ");
26a7a5
 	msg += strlen("eta: ");
26a7a5
 	if (secs < 100)
26a7a5
-		sprintf(msg, "%ds", secs);
26a7a5
+		snprintf(msg, maxsize, "%"PRId64"s", secs);
26a7a5
 	else if (secs < 100 * 60)
26a7a5
-		sprintf(msg, "%dm%ds", secs / 60, secs % 60);
26a7a5
+		snprintf(msg, maxsize, "%"PRId64"m""%"PRId64"s",
26a7a5
+			secs / 60, secs % 60);
26a7a5
 	else if (secs < 48 * 3600)
26a7a5
-		sprintf(msg, "%dh%dm", secs / 3600, (secs / 60) % 60);
26a7a5
+		snprintf(msg, maxsize, "%"PRId64"h""%"PRId64"m",
26a7a5
+			secs / 3600, (secs / 60) % 60);
26a7a5
 	else if (secs < 100 * 86400)
26a7a5
-		sprintf(msg, "%dd%dh", secs / 86400, (secs / 3600) % 24);
26a7a5
+		snprintf(msg, maxsize, "%"PRId64"d""%"PRId64"h",
26a7a5
+			secs / 86400, (secs / 3600) % 24);
26a7a5
 	else
26a7a5
 		sprintf(msg, ">2day");
26a7a5
 	return 0;
26a7a5
@@ -379,8 +384,8 @@ print_progress(const char *msg, unsigned long current, unsigned long end, struct
26a7a5
 	static unsigned int lapse = 0;
26a7a5
 	static const char *spinner = "/|\\-";
26a7a5
 	struct timeval delta;
26a7a5
-	double eta;
26a7a5
-	char eta_msg[16] = " ";
26a7a5
+	int64_t eta;
26a7a5
+	char eta_msg[32] = " ";
26a7a5
 
26a7a5
 	if (current < end) {
26a7a5
 		tm = time(NULL);
26a7a5
@@ -395,7 +400,7 @@ print_progress(const char *msg, unsigned long current, unsigned long end, struct
26a7a5
 		calc_delta(start, &delta);
26a7a5
 		eta = delta.tv_sec + delta.tv_usec / 1e6;
26a7a5
 		eta = (100 - progress) * eta / progress;
26a7a5
-		eta_to_human_short(eta, eta_msg);
26a7a5
+		eta_to_human_short(eta, eta_msg, sizeof(eta_msg));
26a7a5
 	}
26a7a5
 	if (flag_ignore_r_char) {
26a7a5
 		PROGRESS_MSG("%-" PROGRESS_MAXLEN "s: [%5.1f %%] %c  %16s\n",
26a7a5
-- 
26a7a5
2.9.5
26a7a5