Package: partclone / 0.2.89-4

malloc.patch Patch series | download
Description: Allocating memory more carefully
 partclone (0.2.89-3) unstable; urgency=medium
 .
   * backported some code from the last version. Closes: #857966 (CVE-2017-6596)
Author: Georges Khaznadar <georgesk@debian.org>
Bug-Debian: https://bugs.debian.org/842115

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: Yu-Chin Tsai <thomas@nchc.org.tw>: private e-mail
Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857966
Bug-Debian: https://bugs.debian.org/857966
Reviewed-By: Yu-Chin Tsai <thomas@nchc.org.tw>
Last-Update: 2017-04-06

--- partclone-0.2.89.orig/src/main.c
+++ partclone-0.2.89/src/main.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <pthread.h>
+#include <malloc.h>
 
 /**
  * progress.h - only for progress bar
@@ -141,6 +142,7 @@ int main(int argc, char **argv) {
 	char			bitmagic[8] = "BiTmAgIc";// only for check postition
 	char			bitmagic_r[8]="00000000";/// read magic string from image
 	unsigned long		*bitmap = NULL;		/// the point for bitmap data
+	unsigned long long	memsize = 0;
 	int			debug = 0;		/// debug level
 	int			tui = 0;		/// text user interface
 	int			pui = 0;		/// progress mode(default text)
@@ -258,7 +260,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to store bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
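Review bot: The added `malloc_usable_size(bitmap) < memsize` test detects an undersized bitmap only indirectly, and only after the allocation has been made. It relies on a glibc extension from `<malloc.h>` whose manual page describes it as meant for diagnostics and statistics. `image_hdr.totalblock` appears to come from the image header, so the count is better rejected before the `calloc`, e.g. `if (LONGS(image_hdr.totalblock) > SIZE_MAX / sizeof(unsigned long))` followed by the existing `log_mesg` error (with `<stdint.h>` for `SIZE_MAX`), which makes the new include unnecessary. The `memsize` product may itself wrap, depending on the type `LONGS` yields; its definition and the declaration of `totalblock` are outside the hunk, so this needs confirming. The same pattern repeats in the main.c hunks at -309, -359 and -404, and `main`'s body extends beyond all of them.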
@@ -309,7 +313,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to restore bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
@@ -359,7 +365,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to restore bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
@@ -404,7 +412,9 @@ int main(int argc, char **argv) {
 
 		/// alloc a memory to restore bitmap
 		bitmap = (unsigned long*)calloc(sizeof(unsigned long), LONGS(image_hdr.totalblock));
-		if (bitmap == NULL) {
+		memsize = sizeof(unsigned long) * LONGS(image_hdr.totalblock);
+		
+		if ((bitmap == NULL) || (malloc_usable_size(bitmap) < memsize)) {
 			log_mesg(0, 1, 1, debug, "%s, %i, not enough memory\n", __func__, __LINE__);
 		}
 
--- partclone-0.2.89.orig/src/partclone.c
+++ partclone-0.2.89/src/partclone.c
@@ -641,6 +641,12 @@ void restore_image_hdr(int* ret, cmd_opt
 	if (image_hdr->usedblocks <= 0)
 	    log_mesg(0, 1, 1, debug, "read image_hdr usedblocks error\n");
 	
+	if (image_hdr->usedblocks > image_hdr->totalblock)
+	    log_mesg(0, 1, 1, debug, "usedblocks larger than total block error\n");
+	
+	if (image_hdr->block_size * image_hdr->totalblock > image_hdr->device_size )
+	    log_mesg(0, 0, 1, debug, "device size not match block count\n");
+	
 	dev_size = (unsigned long long)(image_hdr->totalblock * image_hdr->block_size);
 	if (opt->restore_raw_file == 1) {
 	    return;
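Review bot: The added `block_size * totalblock > device_size` comparison multiplies two header-supplied fields, so if they are fixed-width unsigned integers a large enough pair can wrap and pass the check. Comparing by division avoids that: `if (image_hdr->block_size == 0 || image_hdr->totalblock > image_hdr->device_size / image_hdr->block_size)`. This check also calls `log_mesg(0, 0, 1, ...)` where the neighbouring checks pass `1` as the second argument. If that argument is the exit flag (`log_mesg` is defined outside the hunk), a mismatch is only logged and the restore continues with an inconsistent header, so either make it fatal or add a comment such as `/* warning only: device_size may legitimately differ because ... */`. restore_image_hdr's body starts and ends outside the hunk.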