[PATCH] kbuild: fix buffer overflow in modpost

From: Sam Ravnborg
Date: Thu Mar 16 2006 - 13:57:41 EST


Hi Linus - please apply to 2.6.16-rc

Jiri Benc <jbenc@xxxxxxx> reported that modpost would stop with SIGABRT if
used with long filepaths.
The error looked like:
> Building modules, stage 2.
> MODPOST
> *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size:
+0x0809f588 ***
> [...]

Following patch fixes this by allocating at least the required
memory + SZ bytes each time. Before we sometimes ended up allocating
too little memory resuting in the glibc detected bug above.
Based on patch originally submitted by: Jiri Benc <jbenc@xxxxxxx>

Signed-off-by: Sam Ravnborg <sam@xxxxxxxxxxxx>
---

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index f70ff13..b8b2a56 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const cha

va_start(ap, fmt);
len = vsnprintf(tmp, SZ, fmt, ap);
- if (buf->size - buf->pos < len + 1) {
- buf->size += 128;
- buf->p = realloc(buf->p, buf->size);
- }
- strncpy(buf->p + buf->pos, tmp, len + 1);
- buf->pos += len;
+ buf_write(buf, tmp, len);
va_end(ap);
}

@@ -521,7 +516,7 @@ void
buf_write(struct buffer *buf, const char *s, int len)
{
if (buf->size - buf->pos < len) {
- buf->size += len;
+ buf->size += len + SZ;
buf->p = realloc(buf->p, buf->size);
}
strncpy(buf->p + buf->pos, s, len);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/