From f4bd933b301d6a2969a9c77ab7874d765eb6a312 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sun, 20 Jul 2025 21:42:14 +0800 Subject: ufs-utils: fix crash for ufs-utils list_bsg The full_path buffer in find_bsg_device function consists of: path + '/' + files->d_name + '\0' So the buffer size should be: strlen(path) + strlen(files->d_name) + 2, not: strlen(path) + strlen(files->d_name) + 1. Backport a patch to fix crash when running 32-bit binary on 64-bit system: $ ufs-utils list_bsg malloc(): invalid next size (unsorted) Aborted (core dumped) Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --- ...x-full_path-buffer-size-in-find_bsg_devic.patch | 39 ++++++++++++++++++++++ .../recipes-utils/ufs-utils/ufs-utils_7.14.12.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch diff --git a/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch b/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch new file mode 100644 index 0000000000..7ae858a65e --- /dev/null +++ b/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch @@ -0,0 +1,39 @@ +From 989dcd297223d6896c5892532d14984326fa093d Mon Sep 17 00:00:00 2001 +From: Yi Zhao +Date: Fri, 18 Jul 2025 16:52:57 +0800 +Subject: [PATCH] ufs_cmds: fix full_path buffer size in find_bsg_device + +The full_path buffer consists of: path + '/' + files->d_name + '\0' +So the buffer size should be: strlen(path) + strlen(files->d_name) + 2 + +Fix crash when running 32-bit binary on 64-bit system: +$ ufs-utils list_bsg +malloc(): invalid next size (unsorted) +Aborted (core dumped) + +Fix #58 + +Upstream-Status: Backport +[https://github.com/SanDisk-Open-Source/ufs-utils/commit/989dcd297223d6896c5892532d14984326fa093d] + +Signed-off-by: Yi Zhao +--- + ufs_cmds.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ufs_cmds.c b/ufs_cmds.c +index ddb037c..a6faa27 100644 +--- a/ufs_cmds.c ++++ b/ufs_cmds.c +@@ -1520,7 +1520,7 @@ static int find_bsg_device(char* path, int *counter) { + if ((strcmp(files->d_name, ".") != 0) && + (strcmp(files->d_name, "..") != 0)) { + char *full_path = (char *)malloc(strlen(path) + +- strlen(files->d_name) + 1); ++ strlen(files->d_name) + 2); + sprintf(full_path, "%s/%s", + path, files->d_name); + rc = find_bsg_device(full_path, counter); +-- +2.34.1 + diff --git a/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_7.14.12.bb b/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_7.14.12.bb index bcece228f5..0366654d7b 100644 --- a/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_7.14.12.bb +++ b/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_7.14.12.bb @@ -7,6 +7,7 @@ BRANCH ?= "dev" SRCREV = "dd2e655780424eadf7610de33e5966be19168a95" SRC_URI = "git://github.com/westerndigitalcorporation/ufs-utils.git;protocol=https;branch=${BRANCH} \ + file://0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch \ " UPSTREAM_CHECK_COMMITS = "1" -- cgit v1.2.3-54-g00ecf