From: Sam Ravnborg Date: Fri, 17 Mar 2006 07:04:08 +0000 (-0800) Subject: [PATCH] kbuild: fix buffer overflow in modpost X-Git-Tag: v2.6.16~10 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7670f023aabd976c25862e4c6fb9f6d9d2758153;p=linux-2.6 [PATCH] kbuild: fix buffer overflow in modpost Jiri Benc reported that modpost would stop with SIGABRT if used with long filepaths. The error looked like: > Building modules, stage 2. > MODPOST > *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size: +0x0809f588 *** > [...] Fix this by allocating at least the required memory + SZ bytes each time. Before we sometimes ended up allocating too little memory resuting in the glibc detected bug above. Based on patch originally submitted by: Jiri Benc Signed-off-by: Sam Ravnborg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index f70ff13d48..b8b2a560b2 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const char *fmt, ...) va_start(ap, fmt); len = vsnprintf(tmp, SZ, fmt, ap); - if (buf->size - buf->pos < len + 1) { - buf->size += 128; - buf->p = realloc(buf->p, buf->size); - } - strncpy(buf->p + buf->pos, tmp, len + 1); - buf->pos += len; + buf_write(buf, tmp, len); va_end(ap); } @@ -521,7 +516,7 @@ void buf_write(struct buffer *buf, const char *s, int len) { if (buf->size - buf->pos < len) { - buf->size += len; + buf->size += len + SZ; buf->p = realloc(buf->p, buf->size); } strncpy(buf->p + buf->pos, s, len);