Fix stack corruption in ext2fs server

* ext2fs/inode.c (diskfs_node_iterate): allocate the temporary node table from the heap instead of the stack.
author: Richard Braun <rbraun@sceen.net> 2012-07-03 21:09:39 -0300
committer: Samuel Thibault <samuel.thibault@ens-lyon.org> 2012-07-03 21:09:39 -0300
commit: 2f4f65ce9137aab6acaf1004bacc09d3a975d881 (patch)
tree: bf81109ffd75cfc1cc4ca5d81e9b673afd529b4e /ext2fs
parent: 0a56227766bfc7ee00a3d983e594ab81fc82b72a (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/ext2fs/inode.c b/ext2fs/inode.c
index f25cc1fa..2da8a95e 100644
--- a/ext2fs/inode.c
+++ b/ext2fs/inode.c
@@ -552,7 +552,16 @@ diskfs_node_iterate (error_t (*fun)(struct node *))
     for (node = nodehash[n]; node; node = node->dn->hnext)
       num_nodes++;
 
-  node_list = alloca (num_nodes * sizeof (struct node *));
+  /* TODO This method doesn't scale beyond a few dozen nodes and should be
+     replaced.  */
+  node_list = malloc (num_nodes * sizeof (struct node *));
+  if (node_list == NULL)
+    {
+      spin_unlock (&diskfs_node_refcnt_lock);
+      ext2_debug ("unable to allocate temporary node table");
+      return ENOMEM;
+    }
+
   p = node_list;
   for (n = 0; n < INOHSZ; n++)
     for (node = nodehash[n]; node; node = node->dn->hnext)
@@ -576,6 +585,7 @@ diskfs_node_iterate (error_t (*fun)(struct node *))
       diskfs_nrele (node);
     }
 
+  free (node_list);
   return err;
 }
author	Richard Braun <rbraun@sceen.net>	2012-07-03 21:09:39 -0300
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2012-07-03 21:09:39 -0300
commit	2f4f65ce9137aab6acaf1004bacc09d3a975d881 (patch)
tree	bf81109ffd75cfc1cc4ca5d81e9b673afd529b4e /ext2fs
parent	0a56227766bfc7ee00a3d983e594ab81fc82b72a (diff)