diff options
author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/meta-gplv2/recipes-devtools/dosfstools/dosfstools | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/meta-gplv2/recipes-devtools/dosfstools/dosfstools')
-rw-r--r-- | external/meta-gplv2/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/external/meta-gplv2/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch b/external/meta-gplv2/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch new file mode 100644 index 00000000..f80f5abc --- /dev/null +++ b/external/meta-gplv2/recipes-devtools/dosfstools/dosfstools/fixing-out-of-bound-writes.patch @@ -0,0 +1,54 @@ +Fix out of bound write issues where sprintf writes across both +name and ext fields and drops the final null ternimator outside the struct + +Upstream-Status: Inappropriate [licensing] +We're tracking an old release of dosfstools due to licensing issues. + +diff --git a/dosfsck/check.c b/dosfsck/check.c +index e8c13bb..91177d3 100644 +--- a/dosfsck/check.c ++++ b/dosfsck/check.c +@@ -58,6 +58,13 @@ static DOS_FILE *root; + } \ + } while(0) + ++static void de_printf(DIR_ENT *de, const char *pattern, int curr_num) ++{ ++ char buffer[12]; ++ sprintf(buffer, pattern, curr_num); ++ memcpy(de->name, buffer, 8); ++ memcpy(de->ext, buffer + 8, 3); ++} + + loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char *pattern) + { +@@ -110,7 +117,8 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char *pattern) + } + memset(de,0,sizeof(DIR_ENT)); + while (1) { +- sprintf(de->name,pattern,curr_num); ++ de_printf(de, pattern, curr_num); ++ + clu_num = fs->root_cluster; + i = 0; + offset2 = cluster_start(fs,clu_num); +@@ -150,7 +158,7 @@ loff_t alloc_rootdir_entry(DOS_FS *fs, DIR_ENT *de, const char *pattern) + offset = fs->root_start+next_free*sizeof(DIR_ENT); + memset(de,0,sizeof(DIR_ENT)); + while (1) { +- sprintf(de->name,pattern,curr_num); ++ de_printf(de, pattern, curr_num); + for (scan = 0; scan < fs->root_entries; scan++) + if (scan != next_free && + !strncmp(root[scan].name,de->name,MSDOS_NAME)) +@@ -311,8 +319,8 @@ static void auto_rename(DOS_FILE *file) + first = file->parent ? file->parent->first : root; + number = 0; + while (1) { +- sprintf(file->dir_ent.name,"FSCK%04d",number); +- strncpy(file->dir_ent.ext,"REN",3); ++ de_printf(&file->dir_ent, "FSCK%04dREN", number); ++ + for (walk = first; walk; walk = walk->next) + if (walk != file && !strncmp(walk->dir_ent.name,file->dir_ent. + name,MSDOS_NAME)) break; |