aboutsummaryrefslogtreecommitdiffstats
path: root/fs/udf/unicode.c
diff options
context:
space:
mode:
authorMarcin Slusarz <marcin.slusarz@gmail.com>2008-02-04 16:27:39 -0500
committerJan Kara <jack@suse.cz>2008-04-17 08:22:24 -0400
commit6305a0a9d559e97807b8bc6d5250fd525dc571a7 (patch)
tree5f644150de3fac27458f347cf9d59d0a52ba3611 /fs/udf/unicode.c
parent79cfe0ff5fb585b92126365a2881262945ac0ee9 (diff)
udf: fix udf_build_ustr
udf_build_ustr was broken: - size == 1: dest->u_len = ptr[1 - 1], but at ptr[0] there's cmpID, so we created string with wrong length it should not happen, so we BUG() it - size > 1 and size < UDF_NAME_LEN: we set u_len correctly, but memcpy copied one needless byte - size == UDF_NAME_LEN - 1: memcpy overwrited u_len - with correct value, but... - size >= UDF_NAME_LEN: we copied UDF_NAME_LEN - 1 bytes, but dest->u_name is array of UDF_NAME_LEN - 2 bytes, so we were overwriting u_len with character from input string nobody noticed because all callers set size to acceptable values (constants within range) Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/udf/unicode.c')
-rw-r--r--fs/udf/unicode.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c
index 05bc505ec01a..24d6165d21a9 100644
--- a/fs/udf/unicode.c
+++ b/fs/udf/unicode.c
@@ -48,14 +48,16 @@ int udf_build_ustr(struct ustr *dest, dstring *ptr, int size)
48{ 48{
49 int usesize; 49 int usesize;
50 50
51 if ((!dest) || (!ptr) || (!size)) 51 if (!dest || !ptr || !size)
52 return -1; 52 return -1;
53 BUG_ON(size < 2);
53 54
54 memset(dest, 0, sizeof(struct ustr)); 55 usesize = min_t(size_t, ptr[size - 1], sizeof(dest->u_name));
55 usesize = (size > UDF_NAME_LEN) ? UDF_NAME_LEN : size; 56 usesize = min(usesize, size - 2);
56 dest->u_cmpID = ptr[0]; 57 dest->u_cmpID = ptr[0];
57 dest->u_len = ptr[size - 1]; 58 dest->u_len = usesize;
58 memcpy(dest->u_name, ptr + 1, usesize - 1); 59 memcpy(dest->u_name, ptr + 1, usesize);
60 memset(dest->u_name + usesize, 0, sizeof(dest->u_name) - usesize);
59 61
60 return 0; 62 return 0;
61} 63}