summaryrefslogtreecommitdiffstats
path: root/fs/reiserfs
diff options
context:
space:
mode:
authorJeff Mahoney <jeffm@suse.com>2009-03-30 14:02:22 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-03-30 12:16:36 -0700
commitcacbe3d7ad3c0a345ca1ce7bf1ecb4c5bfe54d7b (patch)
tree853abddd05fe175e7aacf9cc7868b28e1bfa6e62 /fs/reiserfs
parent45b03d5e8e674eb6555b767e1c8eb40b671ff892 (diff)
downloadlinux-cacbe3d7ad3c0a345ca1ce7bf1ecb4c5bfe54d7b.tar.gz
linux-cacbe3d7ad3c0a345ca1ce7bf1ecb4c5bfe54d7b.tar.bz2
linux-cacbe3d7ad3c0a345ca1ce7bf1ecb4c5bfe54d7b.zip
reiserfs: prepare_error_buf wrongly consumes va_arg
vsprintf will consume varargs on its own. Skipping them manually results in garbage in the error buffer, or Oopses in the case of pointers. This patch removes the advancement and fixes a number of bugs where crashes were observed as side effects of a regular error report. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/reiserfs')
-rw-r--r--fs/reiserfs/prints.c12
1 files changed, 3 insertions, 9 deletions
diff --git a/fs/reiserfs/prints.c b/fs/reiserfs/prints.c
index 50ed4bd3ef63..b87b23717c23 100644
--- a/fs/reiserfs/prints.c
+++ b/fs/reiserfs/prints.c
@@ -157,19 +157,16 @@ static void sprintf_disk_child(char *buf, struct disk_child *dc)
dc_size(dc));
}
-static char *is_there_reiserfs_struct(char *fmt, int *what, int *skip)
+static char *is_there_reiserfs_struct(char *fmt, int *what)
{
char *k = fmt;
- *skip = 0;
-
while ((k = strchr(k, '%')) != NULL) {
if (k[1] == 'k' || k[1] == 'K' || k[1] == 'h' || k[1] == 't' ||
k[1] == 'z' || k[1] == 'b' || k[1] == 'y' || k[1] == 'a') {
*what = k[1];
break;
}
- (*skip)++;
k++;
}
return k;
@@ -193,18 +190,15 @@ static void prepare_error_buf(const char *fmt, va_list args)
char *fmt1 = fmt_buf;
char *k;
char *p = error_buf;
- int i, j, what, skip;
+ int what;
strcpy(fmt1, fmt);
- while ((k = is_there_reiserfs_struct(fmt1, &what, &skip)) != NULL) {
+ while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) {
*k = 0;
p += vsprintf(p, fmt1, args);
- for (i = 0; i < skip; i++)
- j = va_arg(args, int);
-
switch (what) {
case 'k':
sprintf_le_key(p, va_arg(args, struct reiserfs_key *));