[Ocfs2-tools-devel] [PATCH] libocfs2: Prevent endian swapping from scribbling over memory.
Joel Becker
Joel.Becker at oracle.com
Wed Jul 29 22:41:34 PDT 2009
On Thu, Jul 30, 2009 at 09:53:27AM +0800, Tao Ma wrote:
> Joel Becker wrote:
> >@@ -116,23 +133,40 @@ static void ocfs2_swap_xattr_entries_to_cpu(struct ocfs2_xattr_header *xh)
> > for (i = 0; i < xh->xh_count; i++) {
> > struct ocfs2_xattr_entry *xe = &xh->xh_entries[i];
> >+ if (ocfs2_swap_barrier(&fake_fs, obj, xe,
> >+ sizeof(struct ocfs2_xattr_entry)))
> >+ break;
> >+
> > ocfs2_swap_xattr_entry(xe);
> >+ value = (char *)xh + xe->xe_name_offset +
> >+ OCFS2_XATTR_SIZE(xe->xe_name_len);
> >+
> > if (!ocfs2_xattr_is_local(xe)) {
> > struct ocfs2_xattr_value_root *xr =
> >- (struct ocfs2_xattr_value_root *)
> >- ((char *)xh + xe->xe_name_offset +
> >- OCFS2_XATTR_SIZE(xe->xe_name_len));
> >+ (struct ocfs2_xattr_value_root *)value;
> >+
> >+ if (ocfs2_swap_barrier(&fake_fs, obj, xr,
> >+ OCFS2_XATTR_ROOT_SIZE))
> >+ break;
> > ocfs2_swap_xattr_value_root(xr);
> >- ocfs2_swap_extent_list_to_cpu(&xr->xr_list);
> >- }
> >+ ocfs2_swap_extent_list_to_cpu(fs, xh, &xr->xr_list);
> here we should use faked_fs since xr->xr_list may not be in the same
> buffer as xh.
Good catch.
Joel
--
"But then she looks me in the eye
And says, 'We're going to last forever,'
And man you know I can't begin to doubt it.
Cause it just feels so good and so free and so right,
I know we ain't never going to change our minds about it, Hey!
Here comes my girl."
Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker at oracle.com
Phone: (650) 506-8127
More information about the Ocfs2-tools-devel
mailing list