The code in probe_all() parses device names from /proc/partitions into
a char[128] buffer using sscanf() %128[...] format specifier.
If the device name is at least 128 bytes long, scanf() will store
those 128 bytes plus the null byte, overflowing the buffer by a single
byte. Fix by making the buffers 129 bytes long.
Signed-off-by: Sami Liedes <sami.liedes@xxxxxx>
---
lib/blkid/devname.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/blkid/devname.c b/lib/blkid/devname.c
index 3e2efa9..58baa29 100644
--- a/lib/blkid/devname.c
+++ b/lib/blkid/devname.c
@@ -394,7 +394,7 @@ static int probe_all(blkid_cache cache, int only_if_new)
{
FILE *proc;
char line[1024];
- char ptname0[128], ptname1[128], *ptname = 0;
+ char ptname0[129], ptname1[129], *ptname = 0;
char *ptnames[2];
dev_t devs[2];
int ma, mi;
--
2.1.3
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
