diff options
| author | Michael Tokarev <mjt@tls.msk.ru> | 2024-12-30 00:08:50 +0300 |
|---|---|---|
| committer | Michael Tokarev <mjt@tls.msk.ru> | 2024-12-31 18:20:41 +0300 |
| commit | d8d17d2bf6181cdc9b8ef3db862006ddb6af12d4 (patch) | |
| tree | 43fa12d44ab01060d1b0c7c16e94e41d5c6a49ae /block | |
| parent | 7c89e226f878539b633dde3fd9c9f061c34094e3 (diff) | |
| download | qemu-d8d17d2bf6181cdc9b8ef3db862006ddb6af12d4.zip qemu-d8d17d2bf6181cdc9b8ef3db862006ddb6af12d4.tar.gz qemu-d8d17d2bf6181cdc9b8ef3db862006ddb6af12d4.tar.bz2 | |
Revert "vvfat: fix ubsan issue in create_long_filename"
This reverts commit 0cb3ff7c22671aa1e1e227318799ccf6762c3bea.
The original code was right in that long name in LFN directory
entry uses other parts of the entry for the name too, not just
the original "name" field. So it is wrong to limit the offset
to be within the name field. Some other mechanism is needed
to fix the ubsan report and whole messy usage of bytes past the
given field.
Reported-by: Volker RĂ¼melin <vr_qemu@t-online.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Diffstat (limited to 'block')
| -rw-r--r-- | block/vvfat.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/block/vvfat.c b/block/vvfat.c index f2eafaa..8ffe8b3 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -426,10 +426,6 @@ static direntry_t *create_long_filename(BDRVVVFATState *s, const char *filename) else if(offset<22) offset=14+offset-10; else offset=28+offset-22; entry=array_get(&(s->directory),s->directory.next-1-(i/26)); - /* ensure we don't write anything past entry->name */ - if (offset >= sizeof(entry->name)) { - continue; - } if (i >= 2 * length + 2) { entry->name[offset] = 0xff; } else if (i % 2 == 0) { |