PROBLEM: linux 2.6.13.4 (snapgear-3.3.0) scripts/mod/modpost dumps core

From: Jeff Johnson
Date: Fri Nov 18 2005 - 17:04:05 EST

Next message: Fernando Lopez-Lezcano: "Re: 2.6.14-rt13"
Previous message: Gene Heskett: "dvd writes truncated 3 Mbytes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm new at this, so hopefully this is OK. I'm working on an embedded
system using snapgear-3.3.0 (linux 2.6.13.4). The kernel build fails
when executing modpost -- it dumps core. I have debugged the problem.
In modpost.c:buf_printf() appears the following code:
len = vsnprintf(tmp, SZ, fmt, ap);
if (buf->size - buf->pos < len + 1) {
buf->size += 128;
buf->p = realloc(buf->p, buf->size);
}
strncpy(buf->p + buf->pos, tmp, len + 1);

What I have discovered is that in my environment, in some cases the
output from vsnprintf() exceeds 128 characters. So when the test for
"remaining space < len" fails, and the buf is realloc'ed, not enough
memory is allocated, and the subsequent strncpy overflows the buffer.

My solution was to change the assignment of buf->size as follows:
buf->size += 128 * ((len/128)+1);

This will cause buf->size to increment by enough 128 byte blocks to
hold the string. If it isn't important to increment in 128 byte
chunks, then I suppose you could just have:
buf->size += SZ;

Thanks
Jeff
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Fernando Lopez-Lezcano: "Re: 2.6.14-rt13"
Previous message: Gene Heskett: "dvd writes truncated 3 Mbytes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]