|
 |
a9c310 |
From bee65149cc025522ae0e2c37a0ce817641ebac28 Mon Sep 17 00:00:00 2001
|
|
|
a9c310 |
From: Theodore Ts'o <tytso@mit.edu>
|
|
|
a9c310 |
Date: Mon, 4 Nov 2019 18:43:49 -0500
|
|
|
a9c310 |
Subject: [PATCH 02/10] libext2fs: fix UBSan when updating an inline_data file
|
|
|
a9c310 |
|
|
|
a9c310 |
What memcpy does when the length is zero is not well-defined. So
|
|
|
a9c310 |
avoid it.
|
|
|
a9c310 |
|
|
|
a9c310 |
Bug: https://github.com/tytso/e2fsprogs/issues/25
|
|
|
a9c310 |
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
a9c310 |
---
|
|
|
a9c310 |
lib/ext2fs/ext_attr.c | 5 +++--
|
|
|
a9c310 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
a9c310 |
|
|
|
a9c310 |
diff --git a/lib/ext2fs/ext_attr.c b/lib/ext2fs/ext_attr.c
|
|
|
a9c310 |
index 78a823a9..affc1a8f 100644
|
|
|
a9c310 |
--- a/lib/ext2fs/ext_attr.c
|
|
|
a9c310 |
+++ b/lib/ext2fs/ext_attr.c
|
|
|
a9c310 |
@@ -1550,14 +1550,15 @@ errcode_t ext2fs_xattr_set(struct ext2_xattr_handle *h,
|
|
|
a9c310 |
new_value, &value_len);
|
|
|
a9c310 |
if (ret)
|
|
|
a9c310 |
goto out;
|
|
|
a9c310 |
- } else
|
|
|
a9c310 |
+ } else if (value_len)
|
|
|
a9c310 |
memcpy(new_value, value, value_len);
|
|
|
a9c310 |
|
|
|
a9c310 |
/* Imitate kernel behavior by skipping update if value is the same. */
|
|
|
a9c310 |
for (x = h->attrs; x < h->attrs + h->count; x++) {
|
|
|
a9c310 |
if (!strcmp(x->name, name)) {
|
|
|
a9c310 |
if (!x->ea_ino && x->value_len == value_len &&
|
|
|
a9c310 |
- !memcmp(x->value, new_value, value_len)) {
|
|
|
a9c310 |
+ (!value_len ||
|
|
|
a9c310 |
+ !memcmp(x->value, new_value, value_len))) {
|
|
|
a9c310 |
ret = 0;
|
|
|
a9c310 |
goto out;
|
|
|
a9c310 |
}
|
|
|
a9c310 |
--
|
|
|
a9c310 |
2.21.1
|
|
|
a9c310 |
|