[Cluster-devel] [PATCH] hexedit: avoid NULL dereference upon failed malloc
Steven Whitehouse
swhiteho at redhat.com
Thu Jul 2 09:37:58 UTC 2009
Hi,
Also looks good to me,
Steve.
On Fri, 2009-06-19 at 09:40 +0200, Jim Meyering wrote:
> The patch I posted yesterday didn't even compile (missing "&" in memset).
> Thanks to Andy Price for checking and reporting that.
>
> Here's the corrected version:
>
> From 152dbe7a8961cebf355b2f648f813e0c74b5e25f Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering at redhat.com>
> Date: Wed, 17 Jun 2009 16:54:03 +0200
> Subject: [PATCH] hexedit: avoid NULL dereference upon failed malloc
>
> * gfs2/edit/hexedit.c (display_indirect): Avoid unchecked malloc
> by declaring more_indir on the stack.
> ---
> gfs2/edit/hexedit.c | 14 ++++++--------
> 1 files changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/gfs2/edit/hexedit.c b/gfs2/edit/hexedit.c
> index e8c6030..eef2a7a 100644
> --- a/gfs2/edit/hexedit.c
> +++ b/gfs2/edit/hexedit.c
> @@ -1477,13 +1477,12 @@ static int display_indirect(struct iinfo *ind, int indblocks, int level, uint64_
> file_offset = 0;
> if (!termlines && ((level + 1 < di.di_height) ||
> (S_ISDIR(di.di_mode) && !level))) {
> - struct iinfo *more_indir;
> int more_ind;
> char *tmpbuf;
>
> - more_indir = malloc(sizeof(struct iinfo));
> tmpbuf = malloc(sbd.bsize);
> if (tmpbuf) {
> + struct iinfo more_indir;
> lseek(sbd.device_fd,
> ind->ii[pndx].block * sbd.bsize,
> SEEK_SET);
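Review bot: the `if (tmpbuf)` guard kept as context here still skips the whole block without any message when `malloc(sbd.bsize)` fails, so after this patch the NULL dereference is gone but the indirect block is silently left undisplayed. Consider adding an else branch that reports the allocation failure, so the output does not look complete when it is not. The `lseek(sbd.device_fd, ...)` call in the same block also discards its return value; checking it for -1 would keep a failed seek from being mistaken for a read of the intended block.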
> @@ -1498,20 +1497,19 @@ static int display_indirect(struct iinfo *ind, int indblocks, int level, uint64_
> (unsigned long long)ind->ii[pndx].block);
> exit(-1);
> }
> - memset(more_indir, 0, sizeof(struct iinfo));
> + memset(&more_indir, 0, sizeof(struct iinfo));
> if (S_ISDIR(di.di_mode)) {
> - do_leaf_extended(tmpbuf, more_indir);
> - display_leaf(more_indir);
> + do_leaf_extended(tmpbuf, &more_indir);
> + display_leaf(&more_indir);
> } else {
> more_ind = do_indirect_extended(tmpbuf,
> - more_indir);
> - display_indirect(more_indir,
> + &more_indir);
> + display_indirect(&more_indir,
> more_ind, level + 1,
> file_offset);
> }
> free(tmpbuf);
> }
> - free(more_indir);
> }
> print_entry_ndx = pndx; /* restore after recursion */
> eol(0);
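Review bot: the recursive call `display_indirect(&more_indir, more_ind, level + 1, file_offset)` now runs while `more_indir` occupies the caller's stack frame, so every active recursion level holds one `struct iinfo` on the stack instead of on the heap. The size of `struct iinfo` is not visible in this diff; it is worth confirming that the struct multiplied by the maximum depth (the enclosing condition bounds `level + 1` by `di.di_height`, which is read from disk) stays well inside the stack limit, and noting that in the commit message. As a smaller point, `memset(&more_indir, 0, sizeof(struct iinfo))` could be written with `sizeof(more_indir)` so the length follows the object if its type ever changes.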