Fix buffer overflow in blk_alloc_to_base_fs

Bug: 68988643
Change-Id: I6a81c8197780430a9e5816181a81fe7bafc3e47f

1 files changed, 9 insertions, 3 deletions

diff --git a/ext4_utils/blk_alloc_to_base_fs.c b/ext4_utils/blk_alloc_to_base_fs.c
index 1761fda5..877daea7 100644
--- a/ext4_utils/blk_alloc_to_base_fs.c
+++ b/ext4_utils/blk_alloc_to_base_fs.c
@@ -19,10 +19,16 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/cdefs.h>
 
 #define MAX_PATH 4096
 #define MAX_FILE_VERSION 100
 
+#ifndef __STRING
+#define __STRING(x) #x
+#endif
+#define ___STRING(x) __STRING(x)
+
 static void usage(char *filename)
 {
     fprintf(stderr, "Usage: %s input_blk_alloc_file output_base_fs_file \n", filename);
@@ -31,7 +37,7 @@ static void usage(char *filename)
 int main(int argc, char **argv)
 {
     FILE *blk_alloc_file = NULL, *base_fs_file = NULL;
-    char filename[MAX_PATH], file_version[MAX_FILE_VERSION], *spaced_allocs = NULL;
+    char filename[MAX_PATH+1], file_version[MAX_FILE_VERSION+1], *spaced_allocs = NULL;
     size_t spaced_allocs_len = 0;
 
     if (argc != 3) {
@@ -48,7 +54,7 @@ int main(int argc, char **argv)
         fprintf(stderr, "failed to open %s: %s\n", argv[2], strerror(errno));
         exit(EXIT_FAILURE);
     }
-    if (fscanf(blk_alloc_file, "Base EXT4 version %s", file_version) > 0) {
+    if (fscanf(blk_alloc_file, "Base EXT4 version %" ___STRING(MAX_FILE_VERSION) "s", file_version) > 0) {
         char c;
         printf("%s is already in *.base_fs format, just copying into %s...\n", argv[1], argv[2]);
         rewind(blk_alloc_file);
@@ -61,7 +67,7 @@ int main(int argc, char **argv)
         rewind(blk_alloc_file);
     }
     fprintf(base_fs_file, "Base EXT4 version 1.0\n");
-    while(fscanf(blk_alloc_file, "%s ", filename) != EOF) {
+    while(fscanf(blk_alloc_file, "%" ___STRING(MAX_PATH) "s ", filename) != EOF) {
         int i;
         fprintf(base_fs_file, "%s ", filename);
         if (getline(&spaced_allocs, &spaced_allocs_len, blk_alloc_file) == -1) {