• Jim Meyering's avatar
    Btrfs: avoid buffer overrun in mount option handling · f60d16a8
    Jim Meyering authored
    There is an off-by-one error: allocating room for a maximal result
    string but without room for a trailing NUL.  That, can lead to
    returning a transformed string that is not NUL-terminated, and
    then to a caller reading beyond end of the malloc'd buffer.
    
    Rewrite to s/kzalloc/kmalloc/, remove unwarranted use of strncpy
    (the result is guaranteed to fit), remove dead strlen at end, and
    change a few variable names and comments.
    Reviewed-by: default avatarJosef Bacik <josef@redhat.com>
    Signed-off-by: default avatarJim Meyering <meyering@redhat.com>
    f60d16a8
super.c 41.3 KB