Re: dd miniroot.fs into CF card from non-amiga NetBSD box

[mlelstv%serpens.de@localhost (Michael van Elst)]

rokuyama%rk.phys.keio.ac.jp@localhost (Rin Okuyama) writes:

>In the writing of this patch, I've found a skew in the original code.
>It obtains buffer of size lp->d_secsize:

>amiga/disksubr.c:
>    167          /* obtain buffer to probe drive with */
>    168          bp = geteblk((int)lp->d_secsize);

>After that lp->d_secsize is overwritten by rbp->nbytes:
>    242          lp->d_secsize = rbp->nbytes;

>Then, lp->d_secsize is reused for bp->bcount:
>    304                  bp->b_bcount = lp->d_secsize;

>If rbp->nbytes is smaller than or equal to the original lp->d_secsize,
>there is no problem. However if it is not, this causes buffer overflow.
>Shouldn't we take care of it? Am I too paranoid?


No, that's clearly a bug.

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."