[PATCH mtd-utils 0/2] mtd-utils: fsck.ubifs: fixes several undefined behaviors

Yuta Hayama hayama at lineo.co.jp
Thu Nov 13 00:29:17 PST 2025


The first patch fixes the use of pointers to out-of-scope local variables.
The second patch fixes an issue where printf reads variables from the wrong
address due to an incorrect printf format length specifier. Note that the
former issue was detected by the cppcheck tool.

  $ cppcheck fsck.ubifs/
  Checking fsck.ubifs/check_files.c ...
  fsck.ubifs/check_files.c:104:48: error: Using pointer to local variable 'ino_node' that is out of scope. [invalidLifetime]
     inum, ubifs_get_key_name(key_type(c, key)), sn->lnum, sn->offs,
                                                 ^
  fsck.ubifs/check_files.c:71:31: note: Address of variable taken here.
    sn = (struct scanned_node *)&ino_node;
                                ^
  fsck.ubifs/check_files.c:64:27: note: Variable created here.
    struct scanned_ino_node ino_node;
                            ^
  fsck.ubifs/check_files.c:104:48: note: Using pointer to local variable 'ino_node' that is out of scope.
     inum, ubifs_get_key_name(key_type(c, key)), sn->lnum, sn->offs,
                                                 ^
  fsck.ubifs/check_files.c:104:48: error: Using pointer to local variable 'dent_node' that is out of scope. [invalidLifetime]
     inum, ubifs_get_key_name(key_type(c, key)), sn->lnum, sn->offs,
                                                 ^
  fsck.ubifs/check_files.c:84:31: note: Address of variable taken here.
    sn = (struct scanned_node *)&dent_node;
                                ^
  fsck.ubifs/check_files.c:77:28: note: Variable created here.
    struct scanned_dent_node dent_node;
                             ^
  fsck.ubifs/check_files.c:104:48: note: Using pointer to local variable 'dent_node' that is out of scope.
     inum, ubifs_get_key_name(key_type(c, key)), sn->lnum, sn->offs,
                                                 ^
  fsck.ubifs/check_files.c:104:48: error: Using pointer to local variable 'data_node' that is out of scope. [invalidLifetime]
     inum, ubifs_get_key_name(key_type(c, key)), sn->lnum, sn->offs,
                                                 ^
  fsck.ubifs/check_files.c:96:31: note: Address of variable taken here.
    sn = (struct scanned_node *)&data_node;
                                ^
  fsck.ubifs/check_files.c:89:28: note: Variable created here.
    struct scanned_data_node data_node;
                             ^
  fsck.ubifs/check_files.c:104:48: note: Using pointer to local variable 'data_node' that is out of scope.
     inum, ubifs_get_key_name(key_type(c, key)), sn->lnum, sn->offs,
                                                 ^
  fsck.ubifs/check_files.c:106:40: error: Using pointer to local variable 'ino_node' that is out of scope. [invalidLifetime]
   return insert_or_update_file(c, tree, sn, key_type(c, key), inum);
                                         ^
  fsck.ubifs/check_files.c:71:31: note: Address of variable taken here.
    sn = (struct scanned_node *)&ino_node;
                                ^
  fsck.ubifs/check_files.c:64:27: note: Variable created here.
    struct scanned_ino_node ino_node;
                            ^
  fsck.ubifs/check_files.c:106:40: note: Using pointer to local variable 'ino_node' that is out of scope.
   return insert_or_update_file(c, tree, sn, key_type(c, key), inum);
                                         ^
  fsck.ubifs/check_files.c:106:40: error: Using pointer to local variable 'dent_node' that is out of scope. [invalidLifetime]
   return insert_or_update_file(c, tree, sn, key_type(c, key), inum);
                                         ^
  fsck.ubifs/check_files.c:84:31: note: Address of variable taken here.
    sn = (struct scanned_node *)&dent_node;
                                ^
  fsck.ubifs/check_files.c:77:28: note: Variable created here.
    struct scanned_dent_node dent_node;
                             ^
  fsck.ubifs/check_files.c:106:40: note: Using pointer to local variable 'dent_node' that is out of scope.
   return insert_or_update_file(c, tree, sn, key_type(c, key), inum);
                                         ^
  fsck.ubifs/check_files.c:106:40: error: Using pointer to local variable 'data_node' that is out of scope. [invalidLifetime]
   return insert_or_update_file(c, tree, sn, key_type(c, key), inum);
                                         ^
  fsck.ubifs/check_files.c:96:31: note: Address of variable taken here.
    sn = (struct scanned_node *)&data_node;
                                ^
  fsck.ubifs/check_files.c:89:28: note: Variable created here.
    struct scanned_data_node data_node;
                             ^
  fsck.ubifs/check_files.c:106:40: note: Using pointer to local variable 'data_node' that is out of scope.
   return insert_or_update_file(c, tree, sn, key_type(c, key), inum);
                                         ^

Yuta Hayama (2):
  fsck.ubifs: don't use pointers that reference out-of-scope variables
  fsck.ubifs: use the appropriate format specifiers for ino_t and loff_t

 ubifs-utils/fsck.ubifs/check_files.c         |  20 +--
 ubifs-utils/fsck.ubifs/extract_files.c       | 179 ++++++++++---------
 ubifs-utils/fsck.ubifs/handle_disconnected.c |  10 +-
 ubifs-utils/fsck.ubifs/problem.c             |  36 ++--
 ubifs-utils/fsck.ubifs/rebuild_fs.c          |   8 +-
 ubifs-utils/libubifs/dir.c                   |   8 +-
 6 files changed, 130 insertions(+), 131 deletions(-)

-- 
2.43.0
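
The two bug classes named in the cover letter, shown in their corrected shape as an added example (not code from the patch series or from mtd-utils). The struct layouts, `describe_node`, `demo_loff_t` and the sample values are hypothetical stand-ins that only mirror the names appearing in the cppcheck output.

```c
/* Added illustration: hypothetical stand-ins, not the fsck.ubifs sources. */
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

typedef long long demo_loff_t;                 /* stand-in for loff_t */
struct scanned_node { int lnum, offs; };       /* common header */
struct scanned_ino_node { struct scanned_node header; ino_t inum; demo_loff_t size; };
struct scanned_dent_node { struct scanned_node header; ino_t inum; };
enum { KEY_INO, KEY_DENT };

/* The flagged shape declares ino_node/dent_node inside the case blocks,
 * stores their address in sn, then reads sn after the block has closed.
 * Here both objects live at function scope, so sn is valid at every use. */
int describe_node(int type, ino_t inum, demo_loff_t size, char *buf, size_t len)
{
	struct scanned_ino_node ino_node;
	struct scanned_dent_node dent_node;
	struct scanned_node *sn;

	switch (type) {
	case KEY_INO:
		ino_node = (struct scanned_ino_node){ { 10, 4096 }, inum, size };
		sn = &ino_node.header;
		break;
	case KEY_DENT:
		dent_node = (struct scanned_dent_node){ { 11, 0 }, inum };
		sn = &dent_node.header;
		break;
	default:
		return -1;
	}
	/* ino_t and loff_t differ in width between ABIs, so cast to the widest
	 * integer types and use the matching j length modifier. */
	return snprintf(buf, len, "ino %ju size %jd at %d:%d",
			(uintmax_t)inum, (intmax_t)size, sn->lnum, sn->offs);
}

int main(void)
{
	char buf[96];
	describe_node(KEY_INO, (ino_t)4000000000u, 5000000000LL, buf, sizeof(buf));
	printf("%s (%zu bytes)\n", buf, strlen(buf));
	return 0;
}
```

Building with `-Wall -Wformat` reports a specifier that does not match its argument type at compile time, which complements the lifetime check cppcheck performs.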



