From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: sandeen@redhat.com, darrick.wong@oracle.com
Cc: linux-xfs@vger.kernel.org
Subject: [PATCH 1/4] xfs_db: don't print arrays off the end of a buffer
Date: Fri, 07 Apr 2017 20:03:48 -0700 [thread overview]
Message-ID: <149162062896.22901.1082958527237251943.stgit@birch.djwong.org> (raw)
In-Reply-To: <149162062276.22901.7801103937404880951.stgit@birch.djwong.org>
From: Darrick J. Wong <darrick.wong@oracle.com>
Before printing an array, clamp the array count against the size of the
buffer so that we don't print random heap contents.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
db/print.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/db/print.c b/db/print.c
index e31372f..0caad8f 100644
--- a/db/print.c
+++ b/db/print.c
@@ -144,6 +144,17 @@ print_flist_1(
if (fl->flags & FL_OKHIGH)
count = min(count, fl->high - low + 1);
if (fa->prfunc) {
+ int fsz;
+ int bitlen;
+
+ /* Don't read an array off the end of the buffer */
+ fsz = fsize(f, iocur_top->data, parentoff, 0);
+ bitlen = iocur_top->len * NBBY;
+ if ((f->flags & FLD_ARRAY) &&
+ fl->offset + (count * fsz) > bitlen) {
+ count = (bitlen - fl->offset) / fsz;
+ }
+
neednl = fa->prfunc(iocur_top->data, fl->offset,
count, fa->fmtstr,
fsize(f, iocur_top->data, parentoff, 0),
next prev parent reply other threads:[~2017-04-08 3:03 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-08 3:03 [RFC PATCH v1 0/4] xfs_db misc. btree dumping improvements Darrick J. Wong
2017-04-08 3:03 ` Darrick J. Wong [this message]
2017-04-08 3:03 ` [PATCH 2/4] xfs_db: use iocursor type to guess btree geometry if bad magic Darrick J. Wong
2017-04-08 23:19 ` Dave Chinner
2017-04-10 21:08 ` Darrick J. Wong
2017-04-08 3:04 ` [PATCH 3/4] xfs_db: complain about dir/attr blocks with bad magics Darrick J. Wong
2017-04-08 3:04 ` [PATCH 4/4] xfs_db: dump metadata btrees via 'btdump' Darrick J. Wong
2017-04-08 23:11 ` Dave Chinner
2017-04-10 22:47 [PATCH v2 0/4] xfs_db misc. btree dumping improvements Darrick J. Wong
2017-04-10 22:47 ` [PATCH 1/4] xfs_db: don't print arrays off the end of a buffer Darrick J. Wong
2017-04-26 17:12 ` Eric Sandeen
2017-04-26 17:45 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=149162062896.22901.1082958527237251943.stgit@birch.djwong.org \
--to=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.