From dca497d728792e3cb655c78455c2d649af312ce8 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sun, 20 Jul 2025 22:03:49 +0800 Subject: ][PATCH] ufs-utils: fix crash for ufs-utils list_bsg The full_path buffer in find_bsg_device function consists of: path + '/' + files->d_name + '\0' So the buffer size should be: strlen(path) + strlen(files->d_name) + 2, not: strlen(path) + strlen(files->d_name) + 1. Backport a patch to fix crash when running 32-bit binary on 64-bit system: $ ufs-utils list_bsg malloc(): invalid next size (unsorted) Aborted (core dumped) Signed-off-by: Yi Zhao Signed-off-by: Armin Kuster --- ...x-full_path-buffer-size-in-find_bsg_devic.patch | 39 ++++++++++++++++++++++ .../recipes-utils/ufs-utils/ufs-utils_4.13.5.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch diff --git a/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch b/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch new file mode 100644 index 0000000000..7ae858a65e --- /dev/null +++ b/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch @@ -0,0 +1,39 @@ +From 989dcd297223d6896c5892532d14984326fa093d Mon Sep 17 00:00:00 2001 +From: Yi Zhao +Date: Fri, 18 Jul 2025 16:52:57 +0800 +Subject: [PATCH] ufs_cmds: fix full_path buffer size in find_bsg_device + +The full_path buffer consists of: path + '/' + files->d_name + '\0' +So the buffer size should be: strlen(path) + strlen(files->d_name) + 2 + +Fix crash when running 32-bit binary on 64-bit system: +$ ufs-utils list_bsg +malloc(): invalid next size (unsorted) +Aborted (core dumped) + +Fix #58 + +Upstream-Status: Backport +[https://github.com/SanDisk-Open-Source/ufs-utils/commit/989dcd297223d6896c5892532d14984326fa093d] + +Signed-off-by: Yi Zhao +--- + ufs_cmds.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ufs_cmds.c b/ufs_cmds.c +index ddb037c..a6faa27 100644 +--- a/ufs_cmds.c ++++ b/ufs_cmds.c +@@ -1520,7 +1520,7 @@ static int find_bsg_device(char* path, int *counter) { + if ((strcmp(files->d_name, ".") != 0) && + (strcmp(files->d_name, "..") != 0)) { + char *full_path = (char *)malloc(strlen(path) + +- strlen(files->d_name) + 1); ++ strlen(files->d_name) + 2); + sprintf(full_path, "%s/%s", + path, files->d_name); + rc = find_bsg_device(full_path, counter); +-- +2.34.1 + diff --git a/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_4.13.5.bb b/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_4.13.5.bb index 7126684e61..aac710cfca 100644 --- a/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_4.13.5.bb +++ b/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_4.13.5.bb @@ -7,6 +7,7 @@ BRANCH ?= "dev" SRCREV = "18c0a8454ca1cf8969170049f8c628d88627beec" SRC_URI = "git://github.com/westerndigitalcorporation/ufs-utils.git;protocol=https;branch=${BRANCH} \ + file://0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch \ " UPSTREAM_CHECK_COMMITS = "1" -- cgit v1.2.3-54-g00ecf