I found a buffer overflow that caused e2salvage 0.0.9beta (well, the current CVS version) to segfault on my test drive; I believe the problem has been mentioned once or twice on the dev mailing list, too.

In salvage_dir_inodes.c, fix_two_inode_bloks walks an inode chain; as part of that, it stores offsets into ofs[] for later use; that array is fixed at 128 elements, so if the inode chain is ever larger than that, it will overflow and corrupt *p.

I opted to comment out the ofs definition and assignment, because the only reference to it is commented out, too. :)
Ben
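The pattern the report describes, as an added example that is not e2salvage's own code: a walk that records one offset per chain entry into a fixed ofs[128] array sitting next to a pointer, with the bounds check the original lacked. The chain is a constructed array of inode numbers and the offset arithmetic (inode number times inode size) is a simplification of the on-disk layout; the struct and function names are hypothetical.

```c
/* Added example, not e2salvage's code. Models the report's bug: one offset per
 * chain entry stored in a fixed ofs[128], with a length check added so a long
 * chain is refused instead of writing past ofs[] into the pointer after it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OFS_CAP 128u              /* the fixed size named in the report */

struct walk_state {
    unsigned long ofs[OFS_CAP];   /* offsets recorded during the walk */
    void *p;                      /* lives right after ofs[]; an unchecked
                                     walk past 128 entries clobbers it */
};

/* Record each chain entry's byte offset (constructed as inode * inode_size).
 * Returns the number stored, or -1 when the chain exceeds OFS_CAP. */
long collect_offsets(struct walk_state *st, const uint32_t *chain, size_t n,
                     size_t inode_size)
{
    if (n > OFS_CAP)
        return -1;                /* refuse rather than overflow ofs[] */
    for (size_t i = 0; i < n; i++)
        st->ofs[i] = (unsigned long)chain[i] * inode_size;
    return (long)n;
}

/* Constructed chain of n consecutive inode numbers starting at 11 (the first
 * non-reserved inode on ext2). Returns -2 if n exceeds the scratch buffer. */
long walk_constructed_chain(size_t n, size_t inode_size)
{
    uint32_t chain[512];
    struct walk_state st = { {0}, NULL };
    if (n > sizeof chain / sizeof chain[0])
        return -2;
    for (size_t i = 0; i < n; i++)
        chain[i] = 11u + (uint32_t)i;
    return collect_offsets(&st, chain, n, inode_size);
}

int main(void)
{
    printf("128 entries: %ld\n", walk_constructed_chain(128, 128));  /* 128 */
    printf("200 entries: %ld\n", walk_constructed_chain(200, 128));  /* -1 */
    return 0;
}
```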
| Filename | Description |
|---|---|
| salvage_dir_inodes_ofs.patch | tiny patch to fix segfault in fix_two_inode_bloks |
| Field | Old Value | Date | By |
|---|---|---|---|
| File Added | 151784: salvage_dir_inodes_ofs.patch | 2005-10-08 19:55 | bushing |