summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Braun <rbraun@sceen.net>2012-07-03 21:09:39 -0300
committerSamuel Thibault <samuel.thibault@ens-lyon.org>2012-07-03 21:09:39 -0300
commit2f4f65ce9137aab6acaf1004bacc09d3a975d881 (patch)
treebf81109ffd75cfc1cc4ca5d81e9b673afd529b4e
parent0a56227766bfc7ee00a3d983e594ab81fc82b72a (diff)
Fix stack corruption in ext2fs server
* ext2fs/inode.c (diskfs_node_iterate): allocate the temporary node table from the heap instead of the stack.
-rw-r--r--ext2fs/inode.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/ext2fs/inode.c b/ext2fs/inode.c
index f25cc1fa..2da8a95e 100644
--- a/ext2fs/inode.c
+++ b/ext2fs/inode.c
@@ -552,7 +552,16 @@ diskfs_node_iterate (error_t (*fun)(struct node *))
for (node = nodehash[n]; node; node = node->dn->hnext)
num_nodes++;
- node_list = alloca (num_nodes * sizeof (struct node *));
+ /* TODO This method doesn't scale beyond a few dozen nodes and should be
+ replaced. */
+ node_list = malloc (num_nodes * sizeof (struct node *));
+ if (node_list == NULL)
+ {
+ spin_unlock (&diskfs_node_refcnt_lock);
+ ext2_debug ("unable to allocate temporary node table");
+ return ENOMEM;
+ }
+
p = node_list;
for (n = 0; n < INOHSZ; n++)
for (node = nodehash[n]; node; node = node->dn->hnext)
@@ -576,6 +585,7 @@ diskfs_node_iterate (error_t (*fun)(struct node *))
diskfs_nrele (node);
}
+ free (node_list);
return err;
}