diff options
author | Jin Qian <jinqian@google.com> | 2017-11-09 01:22:48 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-11-09 01:22:48 +0000 |
commit | 39b9d829b8f42fe89dec2ff3ed746abe25355b71 (patch) | |
tree | 52f3c4a74e7d5bdd1bcaa4af686c33c7be6b5755 /ext4_utils | |
parent | 867e15c1737dc871202fbffbe99dca8014ee772a (diff) | |
parent | dbbcc2f198f9f11be0394aa7a6bf68c66703078a (diff) | |
download | extras-39b9d829b8f42fe89dec2ff3ed746abe25355b71.tar.gz |
Merge "Fix buffer overflow in blk_alloc_to_base_fs" am: 04c21cf554
am: dbbcc2f198
Change-Id: Ieca77e6769a69d1609c37c44b352501702c1f1f9
Diffstat (limited to 'ext4_utils')
-rw-r--r-- | ext4_utils/blk_alloc_to_base_fs.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/ext4_utils/blk_alloc_to_base_fs.c b/ext4_utils/blk_alloc_to_base_fs.c index 1761fda5..877daea7 100644 --- a/ext4_utils/blk_alloc_to_base_fs.c +++ b/ext4_utils/blk_alloc_to_base_fs.c @@ -19,10 +19,16 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sys/cdefs.h> #define MAX_PATH 4096 #define MAX_FILE_VERSION 100 +#ifndef __STRING +#define __STRING(x) #x +#endif +#define ___STRING(x) __STRING(x) + static void usage(char *filename) { fprintf(stderr, "Usage: %s input_blk_alloc_file output_base_fs_file \n", filename); @@ -31,7 +37,7 @@ static void usage(char *filename) int main(int argc, char **argv) { FILE *blk_alloc_file = NULL, *base_fs_file = NULL; - char filename[MAX_PATH], file_version[MAX_FILE_VERSION], *spaced_allocs = NULL; + char filename[MAX_PATH+1], file_version[MAX_FILE_VERSION+1], *spaced_allocs = NULL; size_t spaced_allocs_len = 0; if (argc != 3) { @@ -48,7 +54,7 @@ int main(int argc, char **argv) fprintf(stderr, "failed to open %s: %s\n", argv[2], strerror(errno)); exit(EXIT_FAILURE); } - if (fscanf(blk_alloc_file, "Base EXT4 version %s", file_version) > 0) { + if (fscanf(blk_alloc_file, "Base EXT4 version %" ___STRING(MAX_FILE_VERSION) "s", file_version) > 0) { char c; printf("%s is already in *.base_fs format, just copying into %s...\n", argv[1], argv[2]); rewind(blk_alloc_file); @@ -61,7 +67,7 @@ int main(int argc, char **argv) rewind(blk_alloc_file); } fprintf(base_fs_file, "Base EXT4 version 1.0\n"); - while(fscanf(blk_alloc_file, "%s ", filename) != EOF) { + while(fscanf(blk_alloc_file, "%" ___STRING(MAX_PATH) "s ", filename) != EOF) { int i; fprintf(base_fs_file, "%s ", filename); if (getline(&spaced_allocs, &spaced_allocs_len, blk_alloc_file) == -1) { |