Fix crash with absurdly but not impossibly deeply nested device stacks

Use the proper PATH_MAX for the max path for disk util, and use
snprintf() to avoid potentially overwriting it.

Modified by Jens to return NULL instead of exiting.

Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/diskutil.c b/diskutil.c
index fbc4268e800f9068d6bfcf5f3a6bb7a4a54cb4cc..3681dde5d8cedb8190e4dcbd61f60274bba76179 100644 (file)
--- a/diskutil.c
+++ b/diskutil.c
@@ -276,13 +276,20 @@ static struct disk_util *disk_util_add(struct thread_data *td, int majdev,
 {
        struct disk_util *du, *__du;
        struct flist_head *entry;
+       int l;
 
        dprint(FD_DISKUTIL, "add maj/min %d/%d: %s\n", majdev, mindev, path);
 
        du = smalloc(sizeof(*du));
        memset(du, 0, sizeof(*du));
        INIT_FLIST_HEAD(&du->list);
-       sprintf(du->path, "%s/stat", path);
+       l = snprintf(du->path, sizeof(du->path), "%s/stat", path);
+       if (l < 0 || l >= sizeof(du->path)) {
+               log_err("constructed path \"%.100s[...]/stat\" larger than buffer (%zu bytes)\n",
+                       path, sizeof(du->path) - 1);
+               sfree(du);
+               return NULL;
+       }
        strncpy((char *) du->dus.name, basename(path), FIO_DU_NAME_SZ);
        du->sysfs_root = path;
        du->major = majdev;

diff --git a/diskutil.h b/diskutil.h
index b89aaccbf8020db0e8008f8e09d8b53858c8f6c1..ddd64719b5cf6d97f09d2f59716eeb6552c4d95f 100644 (file)
--- a/diskutil.h
+++ b/diskutil.h
@@ -42,7 +42,7 @@ struct disk_util {
 
        char *name;
        char *sysfs_root;
-       char path[256];
+       char path[PATH_MAX];
        int major, minor;
 
        struct disk_util_stat dus;