reiserfs: prepare_error_buf wrongly consumes va_arg
vsprintf will consume varargs on its own. Skipping them manually results in garbage in the error buffer, or Oopses in the case of pointers. This patch removes the advancement and fixes a number of bugs where crashes were observed as side effects of a regular error report. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
45b03d5e8e
commit
cacbe3d7ad
@ -157,19 +157,16 @@ static void sprintf_disk_child(char *buf, struct disk_child *dc)
|
||||
dc_size(dc));
|
||||
}
|
||||
|
||||
static char *is_there_reiserfs_struct(char *fmt, int *what, int *skip)
|
||||
static char *is_there_reiserfs_struct(char *fmt, int *what)
|
||||
{
|
||||
char *k = fmt;
|
||||
|
||||
*skip = 0;
|
||||
|
||||
while ((k = strchr(k, '%')) != NULL) {
|
||||
if (k[1] == 'k' || k[1] == 'K' || k[1] == 'h' || k[1] == 't' ||
|
||||
k[1] == 'z' || k[1] == 'b' || k[1] == 'y' || k[1] == 'a') {
|
||||
*what = k[1];
|
||||
break;
|
||||
}
|
||||
(*skip)++;
|
||||
k++;
|
||||
}
|
||||
return k;
|
||||
@ -193,18 +190,15 @@ static void prepare_error_buf(const char *fmt, va_list args)
|
||||
char *fmt1 = fmt_buf;
|
||||
char *k;
|
||||
char *p = error_buf;
|
||||
int i, j, what, skip;
|
||||
int what;
|
||||
|
||||
strcpy(fmt1, fmt);
|
||||
|
||||
while ((k = is_there_reiserfs_struct(fmt1, &what, &skip)) != NULL) {
|
||||
while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) {
|
||||
*k = 0;
|
||||
|
||||
p += vsprintf(p, fmt1, args);
|
||||
|
||||
for (i = 0; i < skip; i++)
|
||||
j = va_arg(args, int);
|
||||
|
||||
switch (what) {
|
||||
case 'k':
|
||||
sprintf_le_key(p, va_arg(args, struct reiserfs_key *));
|
||||
|
Loading…
Reference in New Issue
Block a user