2005-02-01 Roland McGrath <roland@redhat.com>

* file.c (print_xattr_val): Don't use auto array sized by syscall argument. Use malloc instead, so it can fail for insane values. Fixes Debian bug #283704.
2005-02-02 03:38:32 +00:00 · 2005-02-02 03:38:32 +00:00 · 883567c1cc
commit 883567c1cc
parent 5396233748
1 changed files with 30 additions and 22 deletions
--- a/file.c
+++ b/file.c
@ -2343,10 +2343,15 @@ print_xattr_val(tcp, failed, arg, insize, size)
 struct tcb *tcp;
 int failed;
 unsigned long arg;
-size_t size;
+long insize, size;
 {
-    unsigned char buf[4 * size + 1];
-    if (!failed && umoven(tcp, arg, size, &buf[3 * size]) >= 0) {
+    if (!failed) {
+	unsigned char *buf = malloc(4 * size + 1);
+	if (buf == NULL || /* probably a bogus size argument */
+	    umoven(tcp, arg, size, &buf[3 * size]) < 0) {
+	    failed = 1;
+	}
+	else {
 	    unsigned char *out = buf;
 	    unsigned char *in = &buf[3 * size];
 	    size_t i;
@ -2364,9 +2369,12 @@ size_t size;
 	    if (in[i - 1] == '\0')
 		out -= 4;
 	    *out = '\0';
-	tprintf(", \"%s\", %zd", buf, insize);
-    } else
-	tprintf(", 0x%lx, %zd", arg, insize);
+	    tprintf(", \"%s\", %ld", buf, insize);
+	}
+	free(buf);
+    }
+    if (failed)
+	tprintf(", 0x%lx, %ld", arg, insize);
 }

 int