Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 076ca9e7 authored by Keith Mok's avatar Keith Mok Committed by Michael Bestas
Browse files

fs_mgr: BLKGETSIZE causes memory corruption 

BLKGETSIZE return unsigned long sector size,
but unsigned long is of 8 bytes in 64 bits system.
Passing an integar value will causes stack corruption.
Use BLKGETSIZE64 instead.

Change-Id: If2bf44673f5ab3436f79f0af3252990d56748f5c
parent 730d3534

fs_mgr/fs_mgr_format.c

+3 −3
Original line number Diff line number Diff line
@@ -33,7 +33,7 @@ extern void reset_ext4fs_info(); 


static int format_ext4(char *fs_blkdev, char *fs_mnt_point, long long fs_length)

{

    unsigned int nr_sec;

    uint64_t dev_sz;

    int fd, rc = 0;



    if ((fd = open(fs_blkdev, O_WRONLY, 0644)) < 0) {
@@ -41,7 +41,7 @@ static int format_ext4(char *fs_blkdev, char *fs_mnt_point, long long fs_length) 
        return -1;

    }



    if ((ioctl(fd, BLKGETSIZE, &nr_sec)) == -1) {

    if ((ioctl(fd, BLKGETSIZE64, &dev_sz)) == -1) {

        ERROR("Cannot get block device size.  %s\n", strerror(errno));

        close(fd);

        return -1;
@@ -49,7 +49,7 @@ static int format_ext4(char *fs_blkdev, char *fs_mnt_point, long long fs_length) 


    /* Format the partition using the calculated length */

    reset_ext4fs_info();

    info.len = ((off64_t)nr_sec * 512);

    info.len = (off64_t)dev_sz;



    if (fs_length > 0) {

        info.len = fs_length;