[PATCH] ubifs: replace simple_strtoul() with kstrtoul()
Geert Uytterhoeven
geert at linux-m68k.org
Mon May 19 02:13:51 PDT 2014
Please don't add mindless casts!
On Mon, May 19, 2014 at 5:26 AM, Zhang Zhen <zhenzhang.zhang at huawei.com> wrote:
> --- a/fs/ubifs/super.c
> +++ b/fs/ubifs/super.c
> @@ -1905,6 +1905,7 @@ static struct ubi_volume_desc *open_ubi(const char *name, int mode)
> struct ubi_volume_desc *ubi;
> int dev, vol;
dev is int
> char *endptr;
> + int ret;
>
> /* First, try to open using the device node path method */
> ubi = ubi_open_volume_path(name, mode);
> @@ -1922,7 +1923,10 @@ static struct ubi_volume_desc *open_ubi(const char *name, int mode)
> if (!isdigit(name[3]))
> return ERR_PTR(-EINVAL);
>
> - dev = simple_strtoul(name + 3, &endptr, 0);
> + endptr = (char *)name + 3;
> + ret = kstrtoul(endptr, 0, (unsigned long *)&dev);
On 64-bit, long is 64-bit, hence this will write beyond dev and will corrupt
the stack.
> + if (ret)
> + return ERR_PTR(-EINVAL);
>
> /* ubiY method */
> if (*endptr == '\0')
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
More information about the linux-mtd
mailing list