[LU-6395] One byte size shorter for name allocation in mgc_llog_local_copy() Created: 23/Mar/15 Updated: 14/Jun/18 Resolved: 27/Mar/15 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.8.0, Lustre 2.5.5 |
| Fix Version/s: | Lustre 2.8.0 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Di Wang | Assignee: | Di Wang |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Severity: | 3 |
| Description |
|
In mgc_llog_local_copy, the temp_log name allocation is a byte shorter than it should be, which will cause buffer over-run in the following sprintf.

static int mgc_llog_local_copy(const struct lu_env *env,
			       struct obd_device *obd,
			       struct llog_ctxt *rctxt,
			       struct llog_ctxt *lctxt, char *logname)
{
	char *temp_log;
	int rc;

	ENTRY;
	/*
	 * - copy it to backup using llog_backup()
	 * - copy remote llog to logname using llog_backup()
	 * - if failed then move backup to logname again
	 */
	/* room for logname and its NUL only, not for the 'T' appended below */
	OBD_ALLOC(temp_log, strlen(logname) + 1);
	if (!temp_log)
		RETURN(-ENOMEM);
	sprintf(temp_log, "%sT", logname);
|
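The sizing error described above, as an added userspace C example (not code from the Lustre tree or from the patch): `"%sT"` writes `strlen(logname)` bytes, the `T`, and a terminating NUL, so the buffer needs `strlen(logname) + 2`. The helper names, `malloc` in place of `OBD_ALLOC`, and the sample log name are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes sprintf(buf, "%sT", logname) writes, counting the trailing NUL. */
size_t temp_log_bytes_needed(const char *logname)
{
	int n = snprintf(NULL, 0, "%sT", logname);
	return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if a buffer of bufsize bytes holds "<logname>T" plus NUL, else 0. */
int temp_log_fits(const char *logname, size_t bufsize)
{
	size_t need = temp_log_bytes_needed(logname);
	return need != 0 && need <= bufsize;
}

/*
 * Build "<logname>T" in a heap buffer sized for name + 'T' + NUL.
 * snprintf() is bounded by the allocation and its result is checked, so a
 * sizing mistake becomes an error return, not a write past the buffer.
 */
char *make_temp_log_name(const char *logname)
{
	size_t size = strlen(logname) + 2;
	char *temp_log = malloc(size);
	int n;

	if (temp_log == NULL)
		return NULL;
	n = snprintf(temp_log, size, "%sT", logname);
	if (n < 0 || (size_t)n >= size) {
		free(temp_log);
		return NULL;	/* would have been truncated */
	}
	return temp_log;	/* caller frees */
}

int main(void)
{
	const char *logname = "testfs-client";	/* constructed sample name */
	char *name = make_temp_log_name(logname);
	printf("alloc in report: %zu bytes, needed: %zu bytes\n",
	       strlen(logname) + 1, temp_log_bytes_needed(logname));
	printf("temp name: %s\n", name ? name : "(error)");
	free(name);
	return 0;
}
```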
| Comments |
| Comment by Andreas Dilger [ 23/Mar/15 ] |
|
Looks like this has been around since |
| Comment by Gerrit Updater [ 23/Mar/15 ] |
|
wangdi (di.wang@intel.com) uploaded a new patch: http://review.whamcloud.com/14146 |
| Comment by Gerrit Updater [ 25/Mar/15 ] |
|
Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/14146/ |
| Comment by Peter Jones [ 27/Mar/15 ] |
|
Landed for 2.8 |