aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSam Ravnborg <sam@ravnborg.org>2006-03-17 02:04:08 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-03-17 10:51:25 -0500
commit7670f023aabd976c25862e4c6fb9f6d9d2758153 (patch)
tree13c1c1fe41028f1f4752e10eef1a162b4f38c937
parent85c6932ef0c7a82c309f8728ddf29768001d794e (diff)
[PATCH] kbuild: fix buffer overflow in modpost
Jiri Benc <jbenc@suse.cz> reported that modpost would stop with SIGABRT if used with long filepaths. The error looked like: > Building modules, stage 2. > MODPOST > *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size: +0x0809f588 *** > [...] Fix this by allocating at least the required memory + SZ bytes each time. Before we sometimes ended up allocating too little memory resuting in the glibc detected bug above. Based on patch originally submitted by: Jiri Benc <jbenc@suse.cz> Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--scripts/mod/modpost.c9
1 files changed, 2 insertions, 7 deletions
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index f70ff13d4818..b8b2a560b26b 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const char *fmt, ...)
508 508
509 va_start(ap, fmt); 509 va_start(ap, fmt);
510 len = vsnprintf(tmp, SZ, fmt, ap); 510 len = vsnprintf(tmp, SZ, fmt, ap);
511 if (buf->size - buf->pos < len + 1) { 511 buf_write(buf, tmp, len);
512 buf->size += 128;
513 buf->p = realloc(buf->p, buf->size);
514 }
515 strncpy(buf->p + buf->pos, tmp, len + 1);
516 buf->pos += len;
517 va_end(ap); 512 va_end(ap);
518} 513}
519 514
@@ -521,7 +516,7 @@ void
521buf_write(struct buffer *buf, const char *s, int len) 516buf_write(struct buffer *buf, const char *s, int len)
522{ 517{
523 if (buf->size - buf->pos < len) { 518 if (buf->size - buf->pos < len) {
524 buf->size += len; 519 buf->size += len + SZ;
525 buf->p = realloc(buf->p, buf->size); 520 buf->p = realloc(buf->p, buf->size);
526 } 521 }
527 strncpy(buf->p + buf->pos, s, len); 522 strncpy(buf->p + buf->pos, s, len);