From 7670f023aabd976c25862e4c6fb9f6d9d2758153 Mon Sep 17 00:00:00 2001 From: Sam Ravnborg Date: Thu, 16 Mar 2006 23:04:08 -0800 Subject: [PATCH] kbuild: fix buffer overflow in modpost Jiri Benc reported that modpost would stop with SIGABRT if used with long filepaths. The error looked like: > Building modules, stage 2. > MODPOST > *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size: +0x0809f588 *** > [...] Fix this by allocating at least the required memory + SZ bytes each time. Before we sometimes ended up allocating too little memory resuting in the glibc detected bug above. Based on patch originally submitted by: Jiri Benc Signed-off-by: Sam Ravnborg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/mod/modpost.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'scripts/mod/modpost.c') diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index f70ff13d481..b8b2a560b26 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -508,12 +508,7 @@ buf_printf(struct buffer *buf, const char *fmt, ...) va_start(ap, fmt); len = vsnprintf(tmp, SZ, fmt, ap); - if (buf->size - buf->pos < len + 1) { - buf->size += 128; - buf->p = realloc(buf->p, buf->size); - } - strncpy(buf->p + buf->pos, tmp, len + 1); - buf->pos += len; + buf_write(buf, tmp, len); va_end(ap); } @@ -521,7 +516,7 @@ void buf_write(struct buffer *buf, const char *s, int len) { if (buf->size - buf->pos < len) { - buf->size += len; + buf->size += len + SZ; buf->p = realloc(buf->p, buf->size); } strncpy(buf->p + buf->pos, s, len); -- cgit v1.2.3