Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Minor
Fix Version/s: None
Affects Version/s: Lustre 2.6.0
Labels:
- mdd

Severity:
3
Rank (Obsolete):
13359

Description

In mdd_migrate_entries(), lde_namelen + 1 is passed as the buffer size argument.

char *name = mdd_env_info(env)->mti_key;
...
snprintf(name, ent->lde_namelen + 1, "%s", ent->lde_name);

This is not the buffer size and in fact comes from disk. This should be:

char *name = mdd_env_info(env)->mti_key;
size_t name_size = sizeof(mdd_env_info(env)->mti_key);
...
snprintf(name, name_size, "%.*s", (int)ent->lde_namelen + 1, ent->lde_name);

Also recsize and lde_namelen should be validated against the allocated size of ent and (NAME_MAX). Currently recsize is set but unused.

Attachments

Activity

People

Assignee:: WC Triage

Reporter:: John Hammond

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 01/Apr/14 6:10 PM

Updated:: 09/Jan/20 7:30 AM

Resolved:: 09/Jan/20 7:30 AM