SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Revert "vvfat: fix ubsan issue in create_long_filename"

Browse Source 
This reverts commit 0cb3ff7c22671aa1e1e227318799ccf6762c3bea.

The original code was right in that long name in LFN directory
entry uses other parts of the entry for the name too, not just
the original "name" field.  So it is wrong to limit the offset
to be within the name field.  Some other mechanism is needed
to fix the ubsan report and whole messy usage of bytes past the
given field.

Reported-by: Volker Rümelin <vr_qemu@t-online.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This commit is contained in:
Michael Tokarev 2024-12-30 00:08:50 +03:00
parent 7c89e226f8
commit d8d17d2bf6
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
block/vvfat.c
View File

@ -426,10 +426,6 @@ static direntry_t *create_long_filename(BDRVVVFATState *s, const char *filename)
else if(offset<22) offset=14+offset-10; else if(offset<22) offset=14+offset-10;
else offset=28+offset-22; else offset=28+offset-22;
entry=array_get(&(s->directory),s->directory.next-1-(i/26)); entry=array_get(&(s->directory),s->directory.next-1-(i/26));
/* ensure we don't write anything past entry->name */
if (offset >= sizeof(entry->name)) {
continue;
}
if (i >= 2 * length + 2) { if (i >= 2 * length + 2) {
entry->name[offset] = 0xff; entry->name[offset] = 0xff;
} else if (i % 2 == 0) { } else if (i % 2 == 0) {