[1/4] xfs_db: don't print arrays off the end of a buffer

Commit Message

Darrick J. Wong April 8, 2017, 3:03 a.m. UTC

From: Darrick J. Wong <darrick.wong@oracle.com>

Before printing an array, clamp the array count against the size of the
buffer so that we don't print random heap contents.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 db/print.c |   11 +++++++++++
 1 file changed, 11 insertions(+)



--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/db/print.c b/db/print.c
index e31372f..0caad8f 100644
--- a/db/print.c
+++ b/db/print.c
@@ -144,6 +144,17 @@  print_flist_1(
 			if (fl->flags & FL_OKHIGH)
 				count = min(count, fl->high - low + 1);
 			if (fa->prfunc) {
+				int	fsz;
+				int	bitlen;
+
+				/* Don't read an array off the end of the buffer */
+				fsz = fsize(f, iocur_top->data, parentoff, 0);
+				bitlen = iocur_top->len * NBBY;
+				if ((f->flags & FLD_ARRAY) &&
+				    fl->offset + (count * fsz) > bitlen) {
+					count = (bitlen - fl->offset) / fsz;
+				}
+
 				neednl = fa->prfunc(iocur_top->data, fl->offset,
 					count, fa->fmtstr,
 					fsize(f, iocur_top->data, parentoff, 0),