From: Ren Wei <n05ec@lzu.edu.cn>
To: linux-block@vger.kernel.org
Cc: axboe@kernel.dk, kees@kernel.org, hexlabsecurity@proton.me,
phdm@macqel.be, objecting@objecting.org,
akpm@linux-foundation.org, yuantan098@gmail.com, bird@lzu.edu.cn,
roxy520tt@gmail.com, n05ec@lzu.edu.cn
Subject: [PATCH 1/1] block: partition: aix: bound LV name formatting
Date: Fri, 26 Jun 2026 15:21:22 +0800 [thread overview]
Message-ID: <6f381f63ccfe458e15067fd9b9428884cb8d5f97.1782407859.git.roxy520tt@gmail.com> (raw)
In-Reply-To: <cover.1782398104.git.roxy520tt@gmail.com>
From: Zhiling Zou <roxy520tt@gmail.com>
AIX logical volume names are stored on disk as fixed-size fields.
The partition parser reads them into struct lvname, but later formats
the fields with %s. If an on-disk name is not NUL-terminated, the string
formatting code can keep reading past the end of the 64-byte name field.
Limit the formatted string length to the size of the on-disk name field
when printing AIX logical volume names.
Fixes: 6ceea22bbbc8 ("partitions: add aix lvm partition support files")
Cc: stable@vger.kernel.org
Reported-by: Yuan Tan <yuantan098@gmail.com>
Reported-by: Xin Liu <bird@lzu.edu.cn>
Assisted-by: Codex:gpt-5.4
Signed-off-by: Zhiling Zou <roxy520tt@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
---
block/partitions/aix.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/block/partitions/aix.c b/block/partitions/aix.c
index f3c4174e003e..de19c19c85b2 100644
--- a/block/partitions/aix.c
+++ b/block/partitions/aix.c
@@ -261,7 +261,8 @@ int aix_partition(struct parsed_partitions *state)
put_partition(state, lv_ix + 1,
(i + 1 - lp_ix) * pp_blocks_size + psn_part1,
lvip[lv_ix].pps_per_lv * pp_blocks_size);
- seq_buf_printf(&state->pp_buf, " <%s>\n",
+ seq_buf_printf(&state->pp_buf, " <%.*s>\n",
+ (int)sizeof(n[lv_ix].name),
n[lv_ix].name);
lvip[lv_ix].lv_is_contiguous = 1;
ret = 1;
@@ -273,7 +274,8 @@ int aix_partition(struct parsed_partitions *state)
if (lvip[i].pps_found && !lvip[i].lv_is_contiguous) {
char tmp[sizeof(n[i].name) + 1]; // null char
- snprintf(tmp, sizeof(tmp), "%s", n[i].name);
+ snprintf(tmp, sizeof(tmp), "%.*s",
+ (int)sizeof(n[i].name), n[i].name);
pr_warn("partition %s (%u pp's found) is "
"not contiguous\n",
tmp, lvip[i].pps_found);
--
2.43.0
next parent reply other threads:[~2026-06-26 7:22 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1782398104.git.roxy520tt@gmail.com>
2026-06-26 7:21 ` Ren Wei [this message]
2026-06-26 9:09 ` [PATCH 1/1] block: partition: aix: bound LV name formatting Philippe De Muyter
2026-06-27 4:37 ` tt roxy
2026-06-28 16:40 ` Philippe De Muyter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6f381f63ccfe458e15067fd9b9428884cb8d5f97.1782407859.git.roxy520tt@gmail.com \
--to=n05ec@lzu.edu.cn \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=bird@lzu.edu.cn \
--cc=hexlabsecurity@proton.me \
--cc=kees@kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=objecting@objecting.org \
--cc=phdm@macqel.be \
--cc=roxy520tt@gmail.com \
--cc=yuantan098@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox