[PATCH 3/4] e2fsprogs: Fix write size in ext2fs_mmp_write

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Sandeen <sandeen@redhat.com>
To: ext4 development <linux-ext4@vger.kernel.org>
Subject: [PATCH 3/4] e2fsprogs: Fix write size in ext2fs_mmp_write
Date: Thu, 10 Nov 2011 17:00:12 -0600	[thread overview]
Message-ID: <4EBC577C.9010607@redhat.com> (raw)
In-Reply-To: <4EBC5524.3000105@redhat.com>

Without this change, we will write data past the end of the
mmp buf.  Valgrind catches this:

==6373== Syscall param write(buf) points to unaddressable byte(s)
==6373==    at 0x362260E470: __write_nocancel (in /lib64/libpthread-2.12.2.so)
==6373==    by 0x41CF83: raw_write_blk (unix_io.c:255)
==6373==    by 0x41D2BC: unix_write_blk64 (unix_io.c:757)
==6373==    by 0x41A05D: ext2fs_mmp_write (mmp.c:130)
==6373==    by 0x40B0C9: do_set_mmp_value (set_fields.c:806)
==6373==    by 0x421B61: really_execute_command (execute_cmd.c:108)
==6373==    by 0x421C54: ss_execute_line (execute_cmd.c:234)
==6373==    by 0x403743: main (debugfs.c:2339)
==6373==  Address 0x63f000 is not stack'd, malloc'd or (recently) free'd

and in my testing it led to silent failures while writing the mmp
block in debugfs:

write(3, "xV4\22PMM\342\325V\274N\0\0\0\0host.name."..., 4096) = -1 EFAULT (Bad address)

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---

p.s. I could do with a comment about what a negative "count" means...?

diff --git a/lib/ext2fs/mmp.c b/lib/ext2fs/mmp.c
index 91f4fb2..b27d9a4 100644
--- a/lib/ext2fs/mmp.c
+++ b/lib/ext2fs/mmp.c
@@ -127,7 +127,7 @@ errcode_t ext2fs_mmp_write(ext2_filsys fs, blk64_t mmp_blk, void *buf)
 
 	/* I was tempted to make this use O_DIRECT and the mmp_fd, but
 	 * this caused no end of grief, while leaving it as-is works. */
-	retval = io_channel_write_blk64(fs->io, mmp_blk, -fs->blocksize, buf);
+	retval = io_channel_write_blk64(fs->io, mmp_blk, -(int)sizeof(struct mmp_struct), buf);
 
 #ifdef WORDS_BIGENDIAN
 	ext2fs_swap_mmp(mmp_s);

next prev parent reply	other threads:[~2011-11-10 23:00 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-11-10 22:50 [PATCH 0/4] cleanup various mmp cruft & bugs Eric Sandeen
2011-11-10 22:51 ` [PATCH 1/4] e2fsprogs: Document mmp commands in debugfs manpage Eric Sandeen
2011-11-12  2:12   ` Ted Ts'o
2011-11-10 22:53 ` [PATCH 2/4] e2fsprogs: Tidy up mmp handling in debugfs Eric Sandeen
2011-11-12  2:12   ` Ted Ts'o
2011-11-10 23:00 ` Eric Sandeen [this message]
2011-11-12  2:13   ` [PATCH 3/4] e2fsprogs: Fix write size in ext2fs_mmp_write Ted Ts'o
2011-11-10 23:04 ` [PATCH 4/4] e2fsprogs: fix mmp tests on hard 4k devices (resend) Eric Sandeen
2011-11-12  2:13   ` Ted Ts'o

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:91f4fb2 dfblob:b27d9a4 )
 OR (
bs:"[PATCH 3/4] e2fsprogs: Fix write size in ext2fs_mmp_write" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4EBC577C.9010607@redhat.com \
    --to=sandeen@redhat.com \
    --cc=linux-ext4@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.