I found a buffer overflow that caused e2salvage
0.0.9beta (well, the current CVS version) to segfault
on my test drive; I believe the problem has been
mentioned once or twice on the dev mailing list, too.
In salvage_dir_inodes.c, fix_two_inode_bloks walks an
inode chain; as part of that, it stores offsets into
ofs[] for later use; that array is fixed at 128
elements, so if the inode chain is ever larger than
that, it will overflow and corrupt *p.
I opted to comment out the ofs definition and
assignment, because the only reference to it is
commented out, too. :)
Ben
tiny patch to fix segfault in fix_two_inode_bloks
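The defect described above is a fixed-size array written in an unbounded walk. Dropping the dead `ofs[]` is the right fix when nothing reads it; where such offsets are actually needed, the walk has to stop before slot 128. The following C is an added illustration, not e2salvage's code or the patch: the `chain_entry` struct, `build_chain`, `walk_chain_of_length` and the 4096-byte offset spacing are constructed for the example, and only the 128-element capacity comes from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for one entry of an inode chain; this is not
 * e2salvage's data structure, only a shape sufficient to show the bug. */
struct chain_entry {
    unsigned long offset;
    struct chain_entry *next;
};

/* Same fixed capacity the report describes for ofs[]. */
#define OFS_CAPACITY 128

/* Walk the chain and record each entry's offset into ofs[].
 * Returns the number of offsets stored, or -1 when the chain is longer
 * than `capacity`. Without the `n >= capacity` check, the 129th entry
 * would be written past the end of ofs[], clobbering whatever the
 * compiler placed next to it (the `*p` corruption in the report). */
int collect_offsets(const struct chain_entry *head,
                    unsigned long *ofs, size_t capacity)
{
    size_t n = 0;
    for (const struct chain_entry *e = head; e != NULL; e = e->next) {
        if (n >= capacity)
            return -1;           /* refuse rather than overflow */
        ofs[n++] = e->offset;
    }
    return (int)n;
}

void free_chain(struct chain_entry *head)
{
    while (head != NULL) {
        struct chain_entry *next = head->next;
        free(head);
        head = next;
    }
}

/* Build a constructed chain of `len` entries with offsets 0, 4096, 8192, ...
 * Returns NULL for len == 0 or on allocation failure. Caller frees. */
struct chain_entry *build_chain(size_t len)
{
    struct chain_entry *head = NULL;
    while (len > 0) {
        struct chain_entry *e = malloc(sizeof *e);
        if (e == NULL) {
            free_chain(head);
            return NULL;
        }
        len--;
        e->offset = (unsigned long)len * 4096UL;
        e->next = head;
        head = e;
    }
    return head;
}

/* Build a chain of `len` entries, collect into a local 128-slot array,
 * and return collect_offsets' result: the count, -1 if the chain did not
 * fit, or -2 if allocation failed. */
int walk_chain_of_length(size_t len)
{
    unsigned long ofs[OFS_CAPACITY];
    struct chain_entry *head = build_chain(len);
    if (head == NULL && len > 0)
        return -2;
    int stored = collect_offsets(head, ofs, OFS_CAPACITY);
    free_chain(head);
    return stored;
}

int main(void)
{
    printf("chain of 100 entries: %d stored\n", walk_chain_of_length(100));
    printf("chain of 128 entries: %d stored\n", walk_chain_of_length(128));
    printf("chain of 200 entries: %d stored\n", walk_chain_of_length(200));
    return 0;
}
```

A chain of exactly 128 entries still fits; 129 or more returns -1 instead of silently writing past the array, which is the case that segfaulted on the test drive.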