summaryrefslogtreecommitdiff
path: root/libblkid
diff options
context:
space:
mode:
Diffstat (limited to 'libblkid')
-rw-r--r--libblkid/src/devno.c19
-rw-r--r--libblkid/src/superblocks/bcache.c28
-rw-r--r--libblkid/src/superblocks/iso9660.c6
3 files changed, 33 insertions, 20 deletions
diff --git a/libblkid/src/devno.c b/libblkid/src/devno.c
index 74a0d982e..a1ab54362 100644
--- a/libblkid/src/devno.c
+++ b/libblkid/src/devno.c
@@ -35,6 +35,7 @@
#include "blkidP.h"
#include "pathnames.h"
#include "sysfs.h"
+#include "strutils.h"
static char *blkid_strconcat(const char *a, const char *b, const char *c)
{
@@ -51,18 +52,12 @@ static char *blkid_strconcat(const char *a, const char *b, const char *c)
p = res = malloc(len + 1);
if (!res)
return NULL;
- if (al) {
- memcpy(p, a, al);
- p += al;
- }
- if (bl) {
- memcpy(p, b, bl);
- p += bl;
- }
- if (cl) {
- memcpy(p, c, cl);
- p += cl;
- }
+ if (al)
+ p = mempcpy(p, a, al);
+ if (bl)
+ p = mempcpy(p, b, bl);
+ if (cl)
+ p = mempcpy(p, c, cl);
*p = '\0';
return res;
}
diff --git a/libblkid/src/superblocks/bcache.c b/libblkid/src/superblocks/bcache.c
index 64ece8647..b66ed8b19 100644
--- a/libblkid/src/superblocks/bcache.c
+++ b/libblkid/src/superblocks/bcache.c
@@ -106,6 +106,8 @@ struct bcachefs_super_block {
#define BCACHE_SB_CSUMMED_END 208
/* granularity of offset and length fields within superblock */
#define BCACHEFS_SECTOR_SIZE 512
+/* maximum superblock size */
+#define BCACHEFS_SB_MAX_SIZE 4096
/* fields offset within super block */
#define BCACHEFS_SB_FIELDS_OFF offsetof(struct bcachefs_super_block, _start)
/* tag value for members field */
@@ -147,7 +149,7 @@ static int probe_bcache (blkid_probe pr, const struct blkid_idmag *mag)
static unsigned char *member_field_end(
const struct bcachefs_sb_field_members *field, size_t idx)
{
- return (unsigned char *) &field->members + (sizeof(*field->members) * idx);
+ return (unsigned char *) &field->members + (sizeof(*field->members) * (idx + 1));
}
static void probe_bcachefs_sb_members(blkid_probe pr,
@@ -161,14 +163,18 @@ static void probe_bcachefs_sb_members(blkid_probe pr,
uint64_t sectors = 0;
uint8_t i;
- if (member_field_end(members, dev_idx) > sb_end)
+ if ((unsigned char *) field + BYTES(field)
+ != member_field_end(members, bcs->nr_devices - 1))
return;
- blkid_probe_set_uuid_as(pr, members->members[dev_idx].uuid, "UUID_SUB");
+ if (member_field_end(members, dev_idx) > sb_end)
+ return;
if (member_field_end(members, bcs->nr_devices - 1) > sb_end)
return;
+ blkid_probe_set_uuid_as(pr, members->members[dev_idx].uuid, "UUID_SUB");
+
for (i = 0; i < bcs->nr_devices; i++) {
struct bcachefs_sb_member *member = &members->members[i];
sectors += le64_to_cpu(member->nbuckets) * le16_to_cpu(member->bucket_size);
@@ -183,10 +189,19 @@ static void probe_bcachefs_sb_fields(blkid_probe pr, const struct bcachefs_super
while (1) {
struct bcachefs_sb_field *field = (struct bcachefs_sb_field *) field_addr;
- int32_t type;
+ uint64_t field_size;
+ uint32_t type;
if ((unsigned char *) field + sizeof(*field) > sb_end)
- return;
+ break;
+
+ field_size = BYTES(field);
+
+ if (field_size < sizeof(*field))
+ break;
+
+ if ((unsigned char *) field + field_size > sb_end)
+ break;
type = le32_to_cpu(field->type);
if (!type)
@@ -245,6 +260,9 @@ static int probe_bcachefs(blkid_probe pr, const struct blkid_idmag *mag)
return BLKID_PROBE_NONE;
sb_size = BCACHEFS_SB_FIELDS_OFF + BYTES(bcs);
+ if (sb_size > BCACHEFS_SB_MAX_SIZE)
+ return BLKID_PROBE_NONE;
+
sb = blkid_probe_get_sb_buffer(pr, mag, sb_size);
if (!sb)
return BLKID_PROBE_NONE;
diff --git a/libblkid/src/superblocks/iso9660.c b/libblkid/src/superblocks/iso9660.c
index e67da9d70..536704b4e 100644
--- a/libblkid/src/superblocks/iso9660.c
+++ b/libblkid/src/superblocks/iso9660.c
@@ -74,7 +74,7 @@ struct boot_record {
#define ISO_VD_END 0xff
#define ISO_VD_MAX 16
/* maximal string field size used anywhere in ISO; update if necessary */
-#define ISO_MAX_FIELDSIZ sizeof(((struct iso_volume_descriptor *)0)->volume_set_id)
+#define ISO_MAX_FIELDSIZ sizeof_member(struct iso_volume_descriptor, volume_set_id)
struct high_sierra_volume_descriptor {
unsigned char foo[8];
@@ -256,8 +256,8 @@ static int probe_iso9660(blkid_probe pr, const struct blkid_idmag *mag)
if (!pvd)
return errno ? -errno : 1;
- uint16_t logical_block_size = isonum_723(pvd->logical_block_size, true);
- uint32_t space_size = isonum_733(pvd->space_size, true);
+ uint16_t logical_block_size = isonum_723(pvd->logical_block_size, false);
+ uint32_t space_size = isonum_733(pvd->space_size, false);
blkid_probe_set_fsblocksize(pr, logical_block_size);
blkid_probe_set_block_size(pr, logical_block_size);
View Lorry Controller Status