Details
Bug
Resolution: Not a Bug
Minor
None
Lustre 2.9.0
3
Description
The function 'strncpy' will fill the whole buffer 'es->s_last_error_func' of fixed size (32) with the string value and will not leave room for the NULL-terminator. Possible buffer boundary violation in the following string operations.
In ldiskfs/super.c
```c
static void __save_error_info(struct super_block *sb, const char *func,
			      unsigned int line)
{
	struct ldiskfs_super_block *es = LDISKFS_SB(sb)->s_es;

	LDISKFS_SB(sb)->s_mount_state |= LDISKFS_ERROR_FS;
	es->s_state |= cpu_to_le16(LDISKFS_ERROR_FS);
	es->s_last_error_time = cpu_to_le32(get_seconds());
	strncpy(es->s_last_error_func, func, sizeof(es->s_last_error_func));
	es->s_last_error_line = cpu_to_le32(line);
	if (!es->s_first_error_time) {...}
	/*
	 * Start the daily error reporting function if it hasn't been
	 * started already
	 */
	if (!es->s_error_count)
		mod_timer(&LDISKFS_SB(sb)->s_err_report, jiffies + 24*60*60*HZ);
	le32_add_cpu(&es->s_error_count, 1);
}
```
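The behaviour the report describes, as an added user-space example that is not Lustre or ldiskfs code: `strncpy` into a 32-byte field with a short and an over-long name, plus a reader that stays inside the field whether or not it holds a NUL byte. `struct demo_sb`, `save_func`, `field_is_terminated` and `read_func` are hypothetical names, and the function-name strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define ERR_FUNC_LEN 32 /* size of s_last_error_func quoted in the report */

/* Hypothetical stand-in for the superblock field and the field after it. */
struct demo_sb {
	char last_error_func[ERR_FUNC_LEN];
	unsigned int last_error_line;
};

/* Same call shape as in __save_error_info(): bound == size of the field. */
static void save_func(struct demo_sb *es, const char *func)
{
	strncpy(es->last_error_func, func, sizeof(es->last_error_func));
}

/* 1 if a NUL byte exists inside the field, 0 if all 32 bytes are text. */
static int field_is_terminated(const struct demo_sb *es)
{
	return memchr(es->last_error_func, '\0', ERR_FUNC_LEN) != NULL;
}

/* Bounded reader: never looks past the field, always terminates out. */
static size_t read_func(const struct demo_sb *es, char *out, size_t outsz)
{
	const char *f = es->last_error_func;
	const char *nul = memchr(f, '\0', ERR_FUNC_LEN);
	size_t n = nul ? (size_t)(nul - f) : ERR_FUNC_LEN;

	if (outsz == 0)
		return 0;
	if (n >= outsz)
		n = outsz - 1;
	memcpy(out, f, n);
	out[n] = '\0';
	return n;
}

int main(void)
{
	/* Constructed inputs: one shorter than the field, one of 40 chars. */
	const char *names[] = { "short_func",
				"constructed_function_name_of_40_chars_xx" };
	struct demo_sb es = { {0}, 0x41414141u };
	char out[ERR_FUNC_LEN + 1];
	size_t i;

	for (i = 0; i < 2; i++) {
		save_func(&es, names[i]);
		size_t n = read_func(&es, out, sizeof(out));
		printf("terminated=%d len=%zu text=%s line=%#x\n",
		       field_is_terminated(&es), n, out, es.last_error_line);
	}
	return 0;
}
```

The write itself never goes past the 32 bytes; what matters is that every consumer of the field reads it with a length bound, as `read_func` does, rather than with `strlen` or an unbounded `%s`.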