#78 Bug (endless loop with buffer overflow) in sysfs.c

Milestone: v1.0 (example)
Status: closed-fixed
Owner: nobody
Labels: None
Priority: 8
Updated: 2018-09-04
Created: 2018-08-06
Creator: cwuensch
Private: No

I was making a small spin-off from hdparm for an embedded MIPSel device, which just sets the hdd into standby (as with parameter -y).

During this I detected a severe bug in sysfs.c:
In function sysfs_find_attr_file_path an endless loop is produced, because a

depth++;

is missing in line 237.
This leads to infinite expansion of path, producing a buffer overflow and (in my case) some random other variables were overwritten...

I cannot really figure out what exactly this function is meant to do. But since it is called with path=/sys/block/sda (for example), I assume that the line

        strcat(path, "/..");

should also be better placed at the end of the loop. Right?

Maybe you could inspect the whole function and its calling again?
Would be thankful for hearing your expertise...

Discussion

  • Mark Lord

    Mark Lord - 2018-09-03
    • status: open --> closed-fixed
     
  • Mark Lord

    Mark Lord - 2018-09-03

    Fixed for next release (hdparm-9.57)

     
  • cwuensch

    cwuensch - 2018-09-04

    May I get the revised code?
    Or could you post your changes here, please?
    I could not find any source files...

     
  • Mark Lord

    Mark Lord - 2018-09-04

    Due to other changes in the next release, the code is not yet "in shape" for passing along.
    For this bug, I just ensured that the loop does do depth++ each time around. The sysfs attr that it is looking for does not always (or even often?) exist, so it's not an error to not find it.

    Cheers
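
The fix described in this thread (advance depth on every pass), combined with a capacity check before each "/.." append, as an added example that is not hdparm's code. The function name, MAX_DEPTH, the exists hook and the "start" attribute name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 8  /* assumed cap on parent levels to try */
typedef int (*exists_fn)(const char *candidate);  /* hypothetical lookup hook */

/* Append src to dst (capacity cap) only if it fits, NUL included. */
static int append_checked(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst), need = strlen(src);
    if (need >= cap - used)
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Look for attr in path, then in each parent. Returns 0 with path left at the
 * directory that has it, or -1 with path restored to its original value. */
int find_attr_upwards(char *path, size_t cap, const char *attr, exists_fn exists)
{
    size_t start = strlen(path);
    char candidate[256];

    for (int depth = 0; depth < MAX_DEPTH; depth++) {  /* depth advances every pass */
        int n = snprintf(candidate, sizeof candidate, "%s/%s", path, attr);
        if (n < 0 || (size_t)n >= sizeof candidate)
            break;                      /* candidate would be truncated */
        if (exists(candidate))
            return 0;
        if (append_checked(path, cap, "/..") != 0)
            break;                      /* stop instead of writing past path */
    }
    path[start] = '\0';                 /* not finding the attr is not an error */
    return -1;
}

/* Constructed predicates standing in for a real stat()/access() call. */
static int calls;
static int never(const char *c) { (void)c; calls++; return 0; }
static int two_up(const char *c) { return strcmp(c, "/sys/block/sda/../../start") == 0; }

int main(void)
{
    char path[64] = "/sys/block/sda";
    int miss = find_attr_upwards(path, sizeof path, "start", never);
    int hit = find_attr_upwards(path, sizeof path, "start", two_up);
    printf("miss=%d (%d probes) hit=%d path=%s\n", miss, calls, hit, path);
    return 0;
}
```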

     
