[Cluster-devel] [PATCH] hexedit: avoid NULL dereference upon failed malloc

Jim Meyering jim at meyering.net
Wed Jun 17 16:00:13 UTC 2009 

If the malloc of more_indir fails, the subsequent deref
via memset would cause a segfault.

I chose to avoid that by making more_indir a stack-local.
If it's 512-byte size is too big for your stack
requirements, let me know and I'll rewrite to
use malloc -- though doing it that way (and taking
care to avoid leaks), would probably end up uglier.

>From fda0f39b0389088b0ea66216aed21d4f5f1bb604 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 17 Jun 2009 16:54:03 +0200
Subject: [PATCH] hexedit: avoid NULL dereference upon failed malloc

* gfs2/edit/hexedit.c (display_indirect): Avoid unchecked malloc
by declaring more_indir on the stack.
---
 gfs2/edit/hexedit.c |   12 +++++-------
 1 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/gfs2/edit/hexedit.c b/gfs2/edit/hexedit.c
index e8c6030..84b4be4 100644
--- a/gfs2/edit/hexedit.c
+++ b/gfs2/edit/hexedit.c
@@ -1477,13 +1477,12 @@ static int display_indirect(struct iinfo *ind, int indblocks, int level, uint64_
 			file_offset = 0;
 		if (!termlines && ((level + 1 < di.di_height) ||
 				   (S_ISDIR(di.di_mode) && !level))) {
-			struct iinfo *more_indir;
 			int more_ind;
 			char *tmpbuf;
 			
-			more_indir = malloc(sizeof(struct iinfo));
 			tmpbuf = malloc(sbd.bsize);
 			if (tmpbuf) {
+				struct iinfo more_indir;
 				lseek(sbd.device_fd,
 				      ind->ii[pndx].block * sbd.bsize,
 				      SEEK_SET);
@@ -1500,18 +1499,17 @@ static int display_indirect(struct iinfo *ind, int indblocks, int level, uint64_
 				}
 				memset(more_indir, 0, sizeof(struct iinfo));
 				if (S_ISDIR(di.di_mode)) {
-					do_leaf_extended(tmpbuf, more_indir);
-					display_leaf(more_indir);
+					do_leaf_extended(tmpbuf, &more_indir);
+					display_leaf(&more_indir);
 				} else {
 					more_ind = do_indirect_extended(tmpbuf,
-									more_indir);
-					display_indirect(more_indir,
+									&more_indir);
+					display_indirect(&more_indir,
 							 more_ind, level + 1,
 							 file_offset);
 				}
 				free(tmpbuf);
 			}
-			free(more_indir);
 		}
 		print_entry_ndx = pndx; /* restore after recursion */
 		eol(0);
-- 
1.6.3.2.406.gd6a466

More information about the Cluster-devel mailing list