udf_build_ustr was completely broken when
size >= UDF_NAME_LEN - 1 or size < 2
nobody noticed because all callers set size
to acceptable values (constants)
Signed-off-by: Marcin Slusarz <[EMAIL PROTECTED]>
Cc: Jan Kara <[EMAIL PROTECTED]>
---
fs/udf/unicode.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c
index f969617..f4e54e5 100644
--- a/fs/udf/unicode.c
+++ b/fs/udf/unicode.c
@@ -47,16 +47,16 @@ static int udf_char_to_ustr(struct ustr *dest, const
uint8_t *src, int strlen)
*/
int udf_build_ustr(struct ustr *dest, dstring *ptr, int size)
{
- int usesize;
+ u8 usesize;
- if ((!dest) || (!ptr) || (!size))
+ if (!dest || !ptr || size < 2)
return -1;
- memset(dest, 0, sizeof(struct ustr));
- usesize = (size > UDF_NAME_LEN) ? UDF_NAME_LEN : size;
+ usesize = min_t(size_t, size - 2, sizeof(dest->u_name));
dest->u_cmpID = ptr[0];
- dest->u_len = ptr[size - 1];
- memcpy(dest->u_name, ptr + 1, usesize - 1);
+ dest->u_len = usesize;
+ memcpy(dest->u_name, ptr + 1, usesize);
+ memset(dest->u_name + usesize, 0, sizeof(dest->u_name) - usesize);
return 0;
}
--
1.5.3.7
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
