Author: mdf
Date: Fri Jan 7 16:46:20 2011
New Revision: 217109
URL: http://svn.freebsd.org/changeset/base/217109
Log:
Fix a memory overflow where the input length to g_gpt_utf8_to_utf16()
was specified incorrectly, causing the bzero to run past the end of a
malloc(9)'d object.
Submitted by: Eric Youngblut < eyoungblut AT isilon DOT com >
MFC after: 3 days
Modified:
head/sys/geom/part/g_part_gpt.c
Modified: head/sys/geom/part/g_part_gpt.c
==============================================================================
--- head/sys/geom/part/g_part_gpt.c Fri Jan 7 16:13:12 2011
(r217108)
+++ head/sys/geom/part/g_part_gpt.c Fri Jan 7 16:46:20 2011
(r217109)
@@ -425,7 +425,8 @@ g_part_gpt_add(struct g_part_table *base
}
if (gpp->gpp_parms & G_PART_PARM_LABEL)
g_gpt_utf8_to_utf16(gpp->gpp_label, entry->ent.ent_name,
- sizeof(entry->ent.ent_name));
+ sizeof(entry->ent.ent_name) /
+ sizeof(entry->ent.ent_name[0]));
return (0);
}
@@ -588,7 +589,8 @@ g_part_gpt_modify(struct g_part_table *b
}
if (gpp->gpp_parms & G_PART_PARM_LABEL)
g_gpt_utf8_to_utf16(gpp->gpp_label, entry->ent.ent_name,
- sizeof(entry->ent.ent_name));
+ sizeof(entry->ent.ent_name) /
+ sizeof(entry->ent.ent_name[0]));
return (0);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
