[PATCH] imsm: fix: prevent segfault in mark

linux-raid.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] imsm: fix: prevent segfault in mark_failure
@ 2011-10-19  9:51 Lukasz Dorau
  2011-10-20  2:00 ` NeilBrown
  0 siblings, 1 reply; 2+ messages in thread
From: Lukasz Dorau @ 2011-10-19  9:51 UTC (permalink / raw)
  To: neilb; +Cc: linux-raid, dan.j.williams, marcin.labun, ed.ciechanowski

Using an array of chars without the terminating null byte
as a parameter of sprintf() function causes segfault
when dealing with SAS drives (with 20-digits serial number).
The memcpy() function is used instead.

Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com>
---
 super-intel.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/super-intel.c b/super-intel.c
index 401c701..2c1bf05 100644
--- a/super-intel.c
+++ b/super-intel.c
@@ -6015,7 +6015,9 @@ static int mark_failure(struct imsm_dev *dev, struct imsm_disk *disk, int idx)
 	if (is_failed(disk) && (ord & IMSM_ORD_REBUILD))
 		return 0;
 
-	sprintf(buf, "%s:0", disk->serial);
+	memcpy(buf, disk->serial, MAX_RAID_SERIAL_LEN);
+	buf[MAX_RAID_SERIAL_LEN] = '\000';
+	strcat(buf, ":0");
 	if ((len = strlen(buf)) >= MAX_RAID_SERIAL_LEN)
 		shift = len - MAX_RAID_SERIAL_LEN + 1;
 	strncpy((char *)disk->serial, &buf[shift], MAX_RAID_SERIAL_LEN);


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] imsm: fix: prevent segfault in mark_failure
  2011-10-19  9:51 [PATCH] imsm: fix: prevent segfault in mark_failure Lukasz Dorau
@ 2011-10-20  2:00 ` NeilBrown
  0 siblings, 0 replies; 2+ messages in thread
From: NeilBrown @ 2011-10-20  2:00 UTC (permalink / raw)
  To: Lukasz Dorau; +Cc: linux-raid, dan.j.williams, marcin.labun, ed.ciechanowski

[-- Attachment #1: Type: text/plain, Size: 1126 bytes --]

On Wed, 19 Oct 2011 11:51:48 +0200 Lukasz Dorau <lukasz.dorau@intel.com>
wrote:

> Using an array of chars without the terminating null byte
> as a parameter of sprintf() function causes segfault
> when dealing with SAS drives (with 20-digits serial number).
> The memcpy() function is used instead.
> 
> Signed-off-by: Lukasz Dorau <lukasz.dorau@intel.com>
> ---
>  super-intel.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)
> 
> diff --git a/super-intel.c b/super-intel.c
> index 401c701..2c1bf05 100644
> --- a/super-intel.c
> +++ b/super-intel.c
> @@ -6015,7 +6015,9 @@ static int mark_failure(struct imsm_dev *dev, struct imsm_disk *disk, int idx)
>  	if (is_failed(disk) && (ord & IMSM_ORD_REBUILD))
>  		return 0;
>  
> -	sprintf(buf, "%s:0", disk->serial);
> +	memcpy(buf, disk->serial, MAX_RAID_SERIAL_LEN);
> +	buf[MAX_RAID_SERIAL_LEN] = '\000';
> +	strcat(buf, ":0");
>  	if ((len = strlen(buf)) >= MAX_RAID_SERIAL_LEN)
>  		shift = len - MAX_RAID_SERIAL_LEN + 1;
>  	strncpy((char *)disk->serial, &buf[shift], MAX_RAID_SERIAL_LEN);


Applied. Thanks,

NeilBrown

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2011-10-20  2:00 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-10-19  9:51 [PATCH] imsm: fix: prevent segfault in mark_failure Lukasz Dorau
2011-10-20  2:00 ` NeilBrown

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).