From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Before printing an array, clamp the array count against the size of the
buffer so that we don't print random heap contents.
Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
---
db/print.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/db/print.c b/db/print.c
index e31372f..0caad8f 100644
--- a/db/print.c
+++ b/db/print.c
@@ -144,6 +144,17 @@ print_flist_1(
if (fl->flags & FL_OKHIGH)
count = min(count, fl->high - low + 1);
if (fa->prfunc) {
+ int fsz;
+ int bitlen;
+
+ /* Don't read an array off the end of the buffer */
+ fsz = fsize(f, iocur_top->data, parentoff, 0);
+ bitlen = iocur_top->len * NBBY;
+ if ((f->flags & FLD_ARRAY) &&
+ fl->offset + (count * fsz) > bitlen) {
+ count = (bitlen - fl->offset) / fsz;
+ }
+
neednl = fa->prfunc(iocur_top->data, fl->offset,
count, fa->fmtstr,
fsize(f, iocur_top->data, parentoff, 0),
--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
