From ee18a6bd9addbbac4d0413895ef134cceda3f58e Mon Sep 17 00:00:00 2001 From: Alessio Balsini Date: Mon, 15 Feb 2021 14:47:16 +0000 Subject: Fix expected BLKGETSIZE64 ioctl result type to 64 bit The BLKGETSIZE64 ioctl writes 64 bit to the destination address. In the current implementation the destination pointer is set as u_long, that is only fine for 64 bit architectures. In 32 bit architectures u_long is a 32 bit unsigned and might cause the kernel to overwrite neighbor elements in the stack, leading to unexpected results. Fix by forcing the destination variable type to 64 bit. Bug: 180318855 Test: formatted SD card Change-Id: Ie13a5bae0db61356554340f45ee0bd89d71862fa Signed-off-by: Alessio Balsini --- mkfs_msdos.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mkfs_msdos.c b/mkfs_msdos.c index 08c435b..946096f 100644 --- a/mkfs_msdos.c +++ b/mkfs_msdos.c @@ -936,14 +936,14 @@ static int getdiskinfo(int fd, const char *fname, const char *dtype, if (ckgeom(fname, bpb->bpbBytesPerSec, "bytes/sector") == -1) return -1; - u_long device_size; + u_int64_t device_size; if (ioctl(fd, BLKGETSIZE64, &device_size)) { err(1, "ioctl(BLKGETSIZE64) failed"); } - u_long sectors = device_size/bpb->bpbBytesPerSec; - if (sectors > UINT32_MAX) { - errx(1, "too many sectors: %lu (%lu byte device, %u bytes/sector)", + u_int64_t sectors = device_size/bpb->bpbBytesPerSec; + if (sectors > UINT_MAX) { + errx(1, "too many sectors: %"PRIu64" (%"PRIu64" byte device, %u bytes/sector)", sectors, device_size, bpb->bpbBytesPerSec); } bpb->bpbHugeSectors = sectors; -- cgit v1.2.3