[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
msdosfs and small sectors
some days ago when reading msdosfs_vfsops.c I saw this:
if ((error = bread(devvp, 0, secsize, NOCRED, 0, &bp)) != 0)
bsp = (union bootsector *)bp->b_data;
b33 = (struct byte_bpb33 *)bsp->bs33.bsBPB;
b50 = (struct byte_bpb50 *)bsp->bs50.bsBPB;
b710 = (struct byte_bpb710 *)bsp->bs710.bsBPB;
'secsize' is retrieved through getdisksize(), via an ioctl on the device.
I have a doubt, isn't there a risk that the kernel overflows memory if
secsize is too low? If I plug an USB key with only 2 bytes per sector, only
two bytes will be read by this bread(), and 'bp->b_data' will be accessed
outside the requested area.
Not sure though, does someone have an idea? If I'm right, which limit
should we put?
Main Index |
Thread Index |