bugfix: fru_strncpy was off by one, leading to rare memory corruptions
After correctly allocating the manufacturer or device name,
and correctly copying the not-null-terminated string from ipmi-fru,
I put the termination '\0' at string[len + 1].
If you build a recent kernel under slob (which is the default), it
may fail miserably at unexpected places. For example, if
your string is 15 bytes, I allocated 16 but wrote to the 17th.
slob has 16-byte alloc areas, and so I was corrupting the next area.
This never happened with slab (which I prefer and run) because the smallest
allocation chunk there is 32 bytes -- I would experience the same
with a 31-long manufacturer or device name.
Signed-off-by: Alessandro Rubini <rubini@gnudd.com>
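
The off-by-one described in the commit message, reproduced as an added example (not the code from this commit or from the project). The names `copy_buggy`, `copy_fixed` and `neighbour_damage`, and the arena that stands in for two adjacent allocator areas, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Before the fix, as the message describes: terminator at dst[len + 1]. */
static void copy_buggy(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    dst[len + 1] = '\0';    /* one byte past the len + 1 allocated */
}

/* After the fix: the terminator goes in the last allocated byte. */
static void copy_fixed(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/*
 * Constructed harness: one arena holding two adjacent allocation areas of
 * `area` bytes. The string lives in the first; the second is filled with
 * 0xAA to stand in for a neighbouring object. Returns how many neighbour
 * bytes the copy changed, or -1 if the arguments do not fit.
 */
static int neighbour_damage(void (*copy)(char *, const char *, size_t),
                            size_t area, size_t len)
{
    static const char field[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    unsigned char arena[64];
    int changed = 0;
    size_t i;

    if (area == 0 || 2 * area > sizeof(arena) || len + 1 > area || len >= sizeof(field))
        return -1;
    memset(arena, 0xAA, sizeof(arena));
    copy((char *)arena, field, len);
    for (i = area; i < 2 * area; i++)
        changed += (arena[i] != 0xAA);
    return changed;
}

int main(void)
{
    printf("16-byte areas, 15-char name: buggy=%d fixed=%d\n",
           neighbour_damage(copy_buggy, 16, 15), neighbour_damage(copy_fixed, 16, 15));
    printf("32-byte areas, 15-char name: buggy=%d\n", neighbour_damage(copy_buggy, 32, 15));
    printf("32-byte areas, 31-char name: buggy=%d\n", neighbour_damage(copy_buggy, 32, 31));
    return 0;
}
```

The 32-byte rows show why the bug stayed hidden under slab: the stray write only crosses into the next area when the name fills its area exactly.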