|
 |
dd3a91 |
From ff9239ee3177630d62c7a58408992af7a779763c Mon Sep 17 00:00:00 2001
|
|
|
dd3a91 |
From: Xiao Ni <xni@redhat.com>
|
|
|
dd3a91 |
Date: Fri, 17 Mar 2017 19:55:43 +0800
|
|
|
dd3a91 |
Subject: [RHEL6.9 PATCH 1/1] mdadm: Specify enough length when write to buffer
|
|
|
dd3a91 |
MIME-Version: 1.0
|
|
|
dd3a91 |
Content-Type: text/plain; charset=UTF-8
|
|
|
dd3a91 |
Content-Transfer-Encoding: 8bit
|
|
|
dd3a91 |
|
|
|
dd3a91 |
In Detail.c the buffer path in function Detail is defined as path[200],
|
|
|
dd3a91 |
in fact the max lenth of content which needs to write to the buffer is
|
|
|
dd3a91 |
287. Because the length of dname of struct dirent is 255.
|
|
|
dd3a91 |
During building it reports error:
|
|
|
dd3a91 |
error: ā%sā directive writing up to 255 bytes into a region of size 189
|
|
|
dd3a91 |
[-Werror=format-overflow=]
|
|
|
dd3a91 |
|
|
|
dd3a91 |
In function examine_super0 there is a buffer nb with length 5.
|
|
|
dd3a91 |
But it need to show a int type argument. The lenght of max
|
|
|
dd3a91 |
number of int is 10. So the buffer length should be 11.
|
|
|
dd3a91 |
|
|
|
dd3a91 |
In human_size function the length of buf is 30. During building
|
|
|
dd3a91 |
there is a error:
|
|
|
dd3a91 |
output between 20 and 47 bytes into a destination of size 30.
|
|
|
dd3a91 |
Change the length to 47.
|
|
|
dd3a91 |
|
|
|
dd3a91 |
Signed-off-by: Xiao Ni <xni@redhat.com>
|
|
|
dd3a91 |
Signed-off-by: Jes Sorensen <Jes.Sorensen@gmail.com>
|
|
|
dd3a91 |
---
|
|
|
dd3a91 |
Detail.c | 2 +-
|
|
|
dd3a91 |
super0.c | 2 +-
|
|
|
dd3a91 |
util.c | 2 +-
|
|
|
dd3a91 |
3 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
dd3a91 |
|
|
|
dd3a91 |
diff --git a/Detail.c b/Detail.c
|
|
|
dd3a91 |
index 509b0d4..cb33794 100644
|
|
|
dd3a91 |
--- a/Detail.c
|
|
|
dd3a91 |
+++ b/Detail.c
|
|
|
dd3a91 |
@@ -575,7 +575,7 @@ This is pretty boring
|
|
|
dd3a91 |
printf(" Member Arrays :");
|
|
|
dd3a91 |
|
|
|
dd3a91 |
while (dir && (de = readdir(dir)) != NULL) {
|
|
|
dd3a91 |
- char path[200];
|
|
|
dd3a91 |
+ char path[287];
|
|
|
dd3a91 |
char vbuf[1024];
|
|
|
dd3a91 |
int nlen = strlen(sra->sys_name);
|
|
|
dd3a91 |
dev_t devid;
|
|
|
dd3a91 |
diff --git a/super0.c b/super0.c
|
|
|
dd3a91 |
index 938cfd9..f5b4507 100644
|
|
|
dd3a91 |
--- a/super0.c
|
|
|
dd3a91 |
+++ b/super0.c
|
|
|
dd3a91 |
@@ -231,7 +231,7 @@ static void examine_super0(struct supertype *st, char *homehost)
|
|
|
dd3a91 |
d++) {
|
|
|
dd3a91 |
mdp_disk_t *dp;
|
|
|
dd3a91 |
char *dv;
|
|
|
dd3a91 |
- char nb[5];
|
|
|
dd3a91 |
+ char nb[11];
|
|
|
dd3a91 |
int wonly, failfast;
|
|
|
dd3a91 |
if (d>=0) dp = &sb->disks[d];
|
|
|
dd3a91 |
else dp = &sb->this_disk;
|
|
|
dd3a91 |
diff --git a/util.c b/util.c
|
|
|
dd3a91 |
index f100972..32bd909 100644
|
|
|
dd3a91 |
--- a/util.c
|
|
|
dd3a91 |
+++ b/util.c
|
|
|
dd3a91 |
@@ -811,7 +811,7 @@ unsigned long calc_csum(void *super, int bytes)
|
|
|
dd3a91 |
#ifndef MDASSEMBLE
|
|
|
dd3a91 |
char *human_size(long long bytes)
|
|
|
dd3a91 |
{
|
|
|
dd3a91 |
- static char buf[30];
|
|
|
dd3a91 |
+ static char buf[47];
|
|
|
dd3a91 |
|
|
|
dd3a91 |
/* We convert bytes to either centi-M{ega,ibi}bytes or
|
|
|
dd3a91 |
* centi-G{igi,ibi}bytes, with appropriate rounding,
|
|
|
dd3a91 |
--
|
|
|
dd3a91 |
2.7.4
|
|
|
dd3a91 |
|