Hello Bob Peterson,

The patch 3792ce973f07: "gfs2: dump fsid when dumping glock problems"
from May 9, 2019, leads to the following static checker warning:

        fs/gfs2/glock.c:1796 gfs2_dump_glock()
        error: format string overflow. buf_size: 270 length: 277

fs/gfs2/glock.c
  1785  void gfs2_dump_glock(struct seq_file *seq, struct gfs2_glock *gl, bool 
fsid)
  1786  {
  1787          const struct gfs2_glock_operations *glops = gl->gl_ops;
  1788          unsigned long long dtime;
  1789          const struct gfs2_holder *gh;
  1790          char gflags_buf[32];
  1791          char fs_id_buf[GFS2_FSNAME_LEN + 3 * sizeof(int) + 2];
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is the same as sizeof(sdp->sd_fsname);

  1792          struct gfs2_sbd *sdp = gl->gl_name.ln_sbd;
  1793  
  1794          memset(fs_id_buf, 0, sizeof(fs_id_buf));
  1795          if (fsid && sdp) /* safety precaution */
  1796                  sprintf(fs_id_buf, "fsid=%s: ", sdp->sd_fsname);
                                            ^^^^^  ^^
So if sd_fsname is as long as "possible" (the full size of the buffer), the "fsid=" prefix and the ": " suffix put us 7 characters over the limit.

  1797          dtime = jiffies - gl->gl_demote_time;
  1798          dtime *= 1000000/HZ; /* demote time in uSec */
  1799          if (!test_bit(GLF_DEMOTE, &gl->gl_flags))
  1800                  dtime = 0;
  1801          gfs2_print_dbg(seq, "%sG:  s:%s n:%u/%llx f:%s t:%s d:%s/%llu 
a:%d "

See also:
fs/gfs2/util.c:184 gfs2_consist_rgrpd_i() error: format string overflow. buf_size: 270 length: 277
fs/gfs2/rgrp.c:2293 gfs2_rgrp_error() error: format string overflow. buf_size: 270 length: 277

regards,
dan carpenter
