diff options
author | Alessio Balsini <balsini@google.com> | 2021-02-15 14:47:16 +0000 |
---|---|---|
committer | Alessio Balsini <balsini@google.com> | 2021-02-15 14:48:00 +0000 |
commit | ee18a6bd9addbbac4d0413895ef134cceda3f58e (patch) | |
tree | 885b8e876ede7b65d35f3b1c44372e970430ca47 | |
parent | 7b8762f4da27e1095016717991ac89ccb131a236 (diff) | |
download | newfs_msdos-ee18a6bd9addbbac4d0413895ef134cceda3f58e.tar.gz |
Fix expected BLKGETSIZE64 ioctl result type to 64 bit
The BLKGETSIZE64 ioctl writes 64 bit to the destination address.
In the current implementation the destination pointer is set as u_long,
that is only fine for 64 bit architectures. In 32 bit architectures
u_long is a 32 bit unsigned and might cause the kernel to overwrite
neighbor elements in the stack, leading to unexpected results.
Fix by forcing the destination variable type to 64 bit.
Bug: 180318855
Test: formatted SD card
Change-Id: Ie13a5bae0db61356554340f45ee0bd89d71862fa
Signed-off-by: Alessio Balsini <balsini@google.com>
-rw-r--r-- | mkfs_msdos.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/mkfs_msdos.c b/mkfs_msdos.c index 08c435b..946096f 100644 --- a/mkfs_msdos.c +++ b/mkfs_msdos.c @@ -936,14 +936,14 @@ static int getdiskinfo(int fd, const char *fname, const char *dtype, if (ckgeom(fname, bpb->bpbBytesPerSec, "bytes/sector") == -1) return -1; - u_long device_size; + u_int64_t device_size; if (ioctl(fd, BLKGETSIZE64, &device_size)) { err(1, "ioctl(BLKGETSIZE64) failed"); } - u_long sectors = device_size/bpb->bpbBytesPerSec; - if (sectors > UINT32_MAX) { - errx(1, "too many sectors: %lu (%lu byte device, %u bytes/sector)", + u_int64_t sectors = device_size/bpb->bpbBytesPerSec; + if (sectors > UINT_MAX) { + errx(1, "too many sectors: %"PRIu64" (%"PRIu64" byte device, %u bytes/sector)", sectors, device_size, bpb->bpbBytesPerSec); } bpb->bpbHugeSectors = sectors; |