From 2f4f65ce9137aab6acaf1004bacc09d3a975d881 Mon Sep 17 00:00:00 2001
From: Richard Braun <rbraun@sceen.net>
Date: Tue, 3 Jul 2012 21:09:39 -0300
Subject: Fix stack corruption in ext2fs server

* ext2fs/inode.c (diskfs_node_iterate): allocate the temporary node
table from the heap instead of the stack.
---
 ext2fs/inode.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'ext2fs')

diff --git a/ext2fs/inode.c b/ext2fs/inode.c
index f25cc1fa..2da8a95e 100644
--- a/ext2fs/inode.c
+++ b/ext2fs/inode.c
@@ -552,7 +552,16 @@ diskfs_node_iterate (error_t (*fun)(struct node *))
     for (node = nodehash[n]; node; node = node->dn->hnext)
       num_nodes++;
 
-  node_list = alloca (num_nodes * sizeof (struct node *));
+  /* TODO This method doesn't scale beyond a few dozen nodes and should be
+     replaced.  */
+  node_list = malloc (num_nodes * sizeof (struct node *));
+  if (node_list == NULL)
+    {
+      spin_unlock (&diskfs_node_refcnt_lock);
+      ext2_debug ("unable to allocate temporary node table");
+      return ENOMEM;
+    }
+
   p = node_list;
   for (n = 0; n < INOHSZ; n++)
     for (node = nodehash[n]; node; node = node->dn->hnext)
@@ -576,6 +585,7 @@ diskfs_node_iterate (error_t (*fun)(struct node *))
       diskfs_nrele (node);
     }
 
+  free (node_list);
   return err;
 }
 
-- 
cgit v1.2.3