Whamcloud - gitweb
LU-10205 libext2fs: fix buffer overrun in ext2fs_expand_extra_isize 75/29975/2
author: Jeff Mahoney <jeffm@suse.com>
Tue, 7 Nov 2017 21:31:43 +0000 (16:31 -0500)
committer: Andreas Dilger <andreas.dilger@intel.com>
Tue, 23 Jan 2018 05:37:42 +0000 (05:37 +0000)
commit: ac1fceebccf21a7cee9e27b6d29e4e245b143686
tree: 397d044f352d228dc385708abb217686a3bca9c1
parent: e24161282ad7d35e52279682db973935586f54d6
LU-10205 libext2fs: fix buffer overrun in ext2fs_expand_extra_isize

In ext2fs_expand_extra_isize, we size the buffer using 'size' but then
do the memcpy with the rounded-up size, which can overflow the buffer.

With MALLOC_CHECK_=2, I see:
Error in `../e2fsck/e2fsck': free(): invalid pointer: <addr>

Change-Id: I31be58de12d4d50646c7aa96959de0efc5c279c3
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Reviewed-on: https://review.whamcloud.com/29975
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
lib/ext2fs/ext_attr.c
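
The length mismatch described in the commit message, shown as an added example that is not the libext2fs code or part of this commit. All function names are hypothetical, and the 4-byte rounding is an assumption, since the page does not say which rounding the real code uses.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: lengths are padded to a 4-byte boundary (the page does not
 * say which rounding the real code uses). All names are hypothetical. */
#define ROUND_UP4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Bytes written past the end when a buffer allocated with `size` is
 * filled with the rounded-up length; 0 means the copy fits. */
size_t overrun_bytes(size_t size)
{
    return ROUND_UP4(size) - size;
}

/* The pattern the commit message describes, kept only for comparison:
 * allocation and copy disagree on the length. Never call this with a
 * size that is not already a multiple of 4. */
void *copy_mismatched(const void *src, size_t size)
{
    unsigned char *buf = malloc(size);

    if (buf)
        memcpy(buf, src, ROUND_UP4(size));   /* heap overrun */
    return buf;
}

/* Hardened form: one length drives both the allocation and the bound of
 * the copy; padding bytes are zeroed rather than read from the source. */
void *copy_padded(const void *src, size_t size, size_t *out_len)
{
    size_t padded = ROUND_UP4(size);
    unsigned char *buf;

    if (padded < size)            /* rounding wrapped past SIZE_MAX */
        return NULL;
    buf = calloc(1, padded ? padded : 1);
    if (!buf)
        return NULL;
    if (size)
        memcpy(buf, src, size);
    *out_len = padded;
    return buf;
}
```

An overrun of one to three bytes like this lands in allocator metadata or padding, which is why it tends to surface only under heap checking such as the `MALLOC_CHECK_=2` run quoted above.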