Commit 7670f023 authored by Sam Ravnborg's avatar Sam Ravnborg Committed by Linus Torvalds

[PATCH] kbuild: fix buffer overflow in modpost

Jiri Benc <jbenc@suse.cz> reported that modpost would stop with SIGABRT if
used with long filepaths.
The error looked like:
>   Building modules, stage 2.
>   MODPOST
> *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size:
+0x0809f588 ***
> [...]

Fix this by allocating at least the required memory + SZ bytes each time.
Before we sometimes ended up allocating too little memory resuting in the
glibc detected bug above.  Based on patch originally submitted by: Jiri
Benc <jbenc@suse.cz>
Signed-off-by: default avatarSam Ravnborg <sam@ravnborg.org>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 85c6932e
...@@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const char *fmt, ...) ...@@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const char *fmt, ...)
va_start(ap, fmt); va_start(ap, fmt);
len = vsnprintf(tmp, SZ, fmt, ap); len = vsnprintf(tmp, SZ, fmt, ap);
if (buf->size - buf->pos < len + 1) { buf_write(buf, tmp, len);
buf->size += 128;
buf->p = realloc(buf->p, buf->size);
}
strncpy(buf->p + buf->pos, tmp, len + 1);
buf->pos += len;
va_end(ap); va_end(ap);
} }
...@@ -521,7 +516,7 @@ void ...@@ -521,7 +516,7 @@ void
buf_write(struct buffer *buf, const char *s, int len) buf_write(struct buffer *buf, const char *s, int len)
{ {
if (buf->size - buf->pos < len) { if (buf->size - buf->pos < len) {
buf->size += len; buf->size += len + SZ;
buf->p = realloc(buf->p, buf->size); buf->p = realloc(buf->p, buf->size);
} }
strncpy(buf->p + buf->pos, s, len); strncpy(buf->p + buf->pos, s, len);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment