Brad Bishop | a5c52ff | 2018-11-23 10:55:50 +1300 | [diff] [blame] | 1 | Upstream-Status: Submitted [bugs-cpio] |
| 2 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
| 3 | |
| 4 | From 3f0bd5a40ad0ceaee78c74a52a7166ed7f08db81 Mon Sep 17 00:00:00 2001 |
| 5 | From: Pavel Raiskup <praiskup@redhat.com> |
| 6 | Date: Thu, 29 Nov 2018 07:03:48 +0100 |
| 7 | Subject: [PATCH] Fix segfault with --append |
| 8 | |
| 9 | The --append mode combines both process_copy_in() and |
| 10 | process_copy_out() methods, each of them working with different |
| 11 | (local) file_hdr->c_name buffers. So ensure that |
| 12 | cpio_set_c_name() isn't using the same static variable for |
| 13 | maintaining length of different buffers. |
| 14 | |
| 15 | Complements d36ec5f4e93130efb24fb9. Thanks to Ross Burton. |
| 16 | |
| 17 | * src/copyin.c (process_copy_in): Always initialize file_hdr. |
| 18 | * src/copyout.c (process_copy_out): Likewise. |
| 19 | * src/cpiohdr.h (cpio_file_stat): Add c_name_buflen variable. |
| 20 | * src/util.c (cpio_set_c_name): Use file_hdr->c_name_buflen. |
| 21 | --- |
| 22 | src/copyin.c | 1 + |
| 23 | src/copyout.c | 1 + |
| 24 | src/cpiohdr.h | 1 + |
| 25 | src/util.c | 3 ++- |
| 26 | 4 files changed, 5 insertions(+), 1 deletion(-) |
| 27 | |
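--- a/src/copyin.c
+++ b/src/copyin.c
@@ -1213,6 +1213,7 @@ process_copy_in ()
 
 newdir_umask = umask (0); /* Reset umask to preserve modes of
 created files */
+ memset (&file_hdr, 0, sizeof (struct cpio_file_stat));
 
 /* Initialize the copy in. */
 if (pattern_file_name)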
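Review bot: The added `memset` in process_copy_in sizes the clear by type name rather than by the object, so it goes stale without warning if the declaration of file_hdr ever changes; `memset (&file_hdr, 0, sizeof file_hdr);` ties the two together. The same line is added to process_copy_out in src/copyout.c and the same applies there. Because this zeroing is now what makes the first cpio_set_c_name() call safe, a comment above it such as `/* c_name and c_name_buflen must start as NULL/0 for cpio_set_c_name(). */` would keep a later cleanup from dropping it as redundant. The declaration of file_hdr is outside the hunk, so this assumes it is a struct object rather than a pointer.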
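--- a/src/copyout.c
+++ b/src/copyout.c
@@ -594,6 +594,7 @@ process_copy_out ()
 
 /* Initialize the copy out. */
 ds_init (&input_name, 128);
+ memset (&file_hdr, 0, sizeof (struct cpio_file_stat));
 file_hdr.c_magic = 070707;
 
 /* Check whether the output file might be a tape. */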
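--- a/src/cpiohdr.h
+++ b/src/cpiohdr.h
@@ -127,6 +127,7 @@ struct cpio_file_stat /* Internal representation of a CPIO header */
 uint32_t c_chksum;
 char *c_name;
 char *c_tar_linkname;
+ size_t c_name_buflen;
 };
 
 void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name);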
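Review bot: The new `c_name_buflen` member is undocumented, although the fix rests on its contract: it must always describe the allocation behind `c_name` in the same struct. I would write it as `size_t c_name_buflen; /* Allocated size of c_name; 0 while c_name is unallocated. Maintained only by cpio_set_c_name(). */`. The comment could also note that assigning one cpio_file_stat to another copies the pointer and the length together, so two headers would then refer to one buffer; whether any caller does that is not visible from this hunk.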
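--- a/src/util.c
+++ b/src/util.c
@@ -1413,7 +1413,7 @@ set_file_times (int fd,
 void
 cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name)
 {
- static size_t buflen = 0;
+ size_t buflen = file_hdr->c_name_buflen;
 size_t len = strlen (name) + 1;
 
 if (buflen == 0)
@@ -1430,6 +1430,7 @@ cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name)
 }
 
 file_hdr->c_namesize = len;
+ file_hdr->c_name_buflen = buflen;
 memmove (file_hdr->c_name, name, len);
 }
 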
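Review bot: cpio_set_c_name() now trusts `file_hdr->c_name_buflen` on entry, but this patch zeroes the struct only in process_copy_in and process_copy_out. Any other code that declares a struct cpio_file_stat and reaches this function without clearing it would pass an indeterminate length and `c_name` pointer into the allocation logic, which sits between the two hunks and is not shown, and then into the `memmove`. The names being copied originate from archive or file-system input, so that would be a memory-safety problem rather than a cosmetic one. It is worth auditing the remaining users of the struct outside these two functions, or giving the struct a single initializer that all of them call. A comment above the function, `/* FILE_HDR must have been zero-initialized before the first call. */`, would record the precondition.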
| 85 | -- |
| 86 | 2.11.0 |
| 87 | |