diff options
author | Sam Ravnborg <sam@ravnborg.org> | 2006-03-17 02:04:08 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-17 10:51:25 -0500 |
commit | 7670f023aabd976c25862e4c6fb9f6d9d2758153 (patch) | |
tree | 13c1c1fe41028f1f4752e10eef1a162b4f38c937 | |
parent | 85c6932ef0c7a82c309f8728ddf29768001d794e (diff) |
[PATCH] kbuild: fix buffer overflow in modpost
Jiri Benc <jbenc@suse.cz> reported that modpost would stop with SIGABRT if
used with long filepaths.
The error looked like:
> Building modules, stage 2.
> MODPOST
> *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size:
+0x0809f588 ***
> [...]
Fix this by allocating at least the required memory + SZ bytes each time.
Before we sometimes ended up allocating too little memory resuting in the
glibc detected bug above. Based on patch originally submitted by: Jiri
Benc <jbenc@suse.cz>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | scripts/mod/modpost.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index f70ff13d4818..b8b2a560b26b 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c | |||
@@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const char *fmt, ...) | |||
508 | 508 | ||
509 | va_start(ap, fmt); | 509 | va_start(ap, fmt); |
510 | len = vsnprintf(tmp, SZ, fmt, ap); | 510 | len = vsnprintf(tmp, SZ, fmt, ap); |
511 | if (buf->size - buf->pos < len + 1) { | 511 | buf_write(buf, tmp, len); |
512 | buf->size += 128; | ||
513 | buf->p = realloc(buf->p, buf->size); | ||
514 | } | ||
515 | strncpy(buf->p + buf->pos, tmp, len + 1); | ||
516 | buf->pos += len; | ||
517 | va_end(ap); | 512 | va_end(ap); |
518 | } | 513 | } |
519 | 514 | ||
@@ -521,7 +516,7 @@ void | |||
521 | buf_write(struct buffer *buf, const char *s, int len) | 516 | buf_write(struct buffer *buf, const char *s, int len) |
522 | { | 517 | { |
523 | if (buf->size - buf->pos < len) { | 518 | if (buf->size - buf->pos < len) { |
524 | buf->size += len; | 519 | buf->size += len + SZ; |
525 | buf->p = realloc(buf->p, buf->size); | 520 | buf->p = realloc(buf->p, buf->size); |
526 | } | 521 | } |
527 | strncpy(buf->p + buf->pos, s, len); | 522 | strncpy(buf->p + buf->pos, s, len); |