diff options
| author | Przemyslaw Pawelczyk <przemoc@gmail.com> | 2017-11-24 02:02:38 +0100 | 
|---|---|---|
| committer | Przemyslaw Pawelczyk <przemoc@gmail.com> | 2017-11-24 02:02:38 +0100 | 
| commit | 5b060d5b7f0d76ee5c8626d34747cf605dd81e13 (patch) | |
| tree | 2e37f2d423181da436e66e49d08c7d413d388b7d | |
| parent | fbc3ebea75cb92d4ce847aa877269f4217ab6dee (diff) | |
metaentry.c: Fix underallocation for xattr_lvalues.
Wrong type has been used for calculating size of requested memory.
Underallocation happened in mentries_fromfile() code path if
sizeof(ssize_t) > sizeof(int), which is true on 64-bit platforms.
Reading metadata file with extended attributes entries led to corruption
of metadata represented in memory on such platforms, so applying could
led to corruption of metadata on disk too.
Reported-by: Uros Juvan <asmpro@gmail.com>
| -rw-r--r-- | NEWS | 11 | ||||
| -rw-r--r-- | src/metaentry.c | 2 | 
2 files changed, 11 insertions, 2 deletions
| @@ -1,4 +1,13 @@ -v1.1.0                                                        2016-02-01 +Latest stuff +------------------------------------------------------------------------ + + * BUGFIX: Reading metadata file with extended attributes entries led +           to corruption of metadata represented in memory on 64-bit +           platforms, so applying could led to corruption of metadata +           on disk too.  Bug discovered thanks to Uros Juvan. + + +v1.1.0                                                      (2016-02-01)  ------------------------------------------------------------------------   * BUGFIX: Applying metadata with extended attribute having null byte diff --git a/src/metaentry.c b/src/metaentry.c index 2f850fd..2e2d7a4 100644 --- a/src/metaentry.c +++ b/src/metaentry.c @@ -500,7 +500,7 @@ mentries_fromfile(struct metahash **mhash, const char *path)  		}  		mentry->xattr_names   = xmalloc(mentry->xattrs * sizeof(char *)); -		mentry->xattr_lvalues = xmalloc(mentry->xattrs * sizeof(int)); +		mentry->xattr_lvalues = xmalloc(mentry->xattrs * sizeof(ssize_t));  		mentry->xattr_values  = xmalloc(mentry->xattrs * sizeof(char *));  		for (i = 0; i < mentry->xattrs; i++) { | 
