svn commit: r217268 - stable/8/sys/geom/part

Matthew D Fleming mdf at FreeBSD.org
Tue Jan 11 17:16:50 UTC 2011


Author: mdf
Date: Tue Jan 11 17:16:50 2011
New Revision: 217268
URL: http://svn.freebsd.org/changeset/base/217268

Log:
  MFC r217109:
  
  Fix a memory overflow where the input length to g_gpt_utf8_to_utf16()
  was specified incorrectly, causing the bzero to run past the end of a
  malloc(9)'d object.
  
  Submitted by: Eric Youngblut < eyoungblut AT isilon DOT com >

Modified:
  stable/8/sys/geom/part/g_part_gpt.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/geom/part/g_part_gpt.c
==============================================================================
--- stable/8/sys/geom/part/g_part_gpt.c	Tue Jan 11 17:02:24 2011	(r217267)
+++ stable/8/sys/geom/part/g_part_gpt.c	Tue Jan 11 17:16:50 2011	(r217268)
@@ -425,7 +425,8 @@ g_part_gpt_add(struct g_part_table *base
 	}
 	if (gpp->gpp_parms & G_PART_PARM_LABEL)
 		g_gpt_utf8_to_utf16(gpp->gpp_label, entry->ent.ent_name,
-		    sizeof(entry->ent.ent_name));
+		    sizeof(entry->ent.ent_name) /
+		    sizeof(entry->ent.ent_name[0]));
 	return (0);
 }
 
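Review bot: The length argument passed in g_part_gpt_add() is now an element count, but nothing at the call site says so; the division is the only hint that g_gpt_utf8_to_utf16() counts ent_name elements rather than bytes. A comment on the function stating the unit of its third argument, or a named macro for the sizeof(x) / sizeof(x[0]) expression, would keep the next caller from passing sizeof(entry->ent.ent_name) again.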
@@ -588,7 +589,8 @@ g_part_gpt_modify(struct g_part_table *b
 	}
 	if (gpp->gpp_parms & G_PART_PARM_LABEL)
 		g_gpt_utf8_to_utf16(gpp->gpp_label, entry->ent.ent_name,
-		    sizeof(entry->ent.ent_name));
+		    sizeof(entry->ent.ent_name) /
+		    sizeof(entry->ent.ent_name[0]));
 	return (0);
 }
 
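Review bot: The call in g_part_gpt_modify() repeats the expression from g_part_gpt_add() verbatim, so the two sites can drift apart in a later edit. Consider moving the label conversion into one small helper that both functions call, and check any callers of g_gpt_utf8_to_utf16() outside these two hunks for the same byte-size argument.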

