Dear Xiao,
Thank you for your patch.
Am 28.05.24 um 04:29 schrieb Xiao Ni:
It reports buffer overflow detected when creating raid with big
nvme devices. In my test, the size of the nvme device is 1.5T.
I always like the error message and example command pasted, so chances
are higher for affected people to find this in search engine.
It can't reproduce this with nvme device which size is smaller
s/It/I/?
than 1T.
In function get_nvme_multipath_dev_hw_path it allocs memory in a for
loop and the size it allocs is big. So if the iteration number is
large, it has a risk that the stack space is larger than the limit.
So move the memory allocation at the biginning of the funtion.
… move … *to* the b*e*ginning of the fun*c*tion.
Fixes: d835518b6b53 ('imsm: nvme multipath support')
Reported-by: Guang Wu <guazhang@xxxxxxxxxx>
Signed-off-by: Xiao Ni <xni@xxxxxxxxxx>
---
platform-intel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/platform-intel.c b/platform-intel.c
index 15a9fa5a..0732af2b 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -898,6 +898,7 @@ char *get_nvme_multipath_dev_hw_path(const char *dev_path)
DIR *dir;
struct dirent *ent;
char *rp = NULL;
+ char buf[PATH_MAX];
if (strncmp(dev_path, NVME_SUBSYS_PATH, strlen(NVME_SUBSYS_PATH)) != 0)
return NULL;
@@ -907,14 +908,13 @@ char *get_nvme_multipath_dev_hw_path(const char *dev_path)
return NULL;
for (ent = readdir(dir); ent; ent = readdir(dir)) {
- char buf[strlen(dev_path) + strlen(ent->d_name) + 1];
/* Check if dir is a controller, ignore namespaces*/
if (!(strncmp(ent->d_name, "nvme", 4) == 0) ||
(strrchr(ent->d_name, 'n') != &ent->d_name[0]))
continue;
- sprintf(buf, "%s/%s", dev_path, ent->d_name);
+ snprintf(buf, PATH_MAX, "%s/%s", dev_path, ent->d_name);
rp = realpath(buf, NULL);
break;
}
Kind regards,
Paul