author: Theodore Ts'o <tytso@mit.edu> 2009-09-07 16:21:49 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2009-09-07 16:21:49 -0400
commit: 51e64594919c986f87267b895504322a38ec4fac
tree: 675d48077dd6c01fda1fea9da41fe589472747cd
parent: 7a9f055f0e7aae18daddc4e5fe9c29babab53b90
libext2fs: Round up the bitmap size when allocating a new bitmap

The x86 BT assembly instruction can overshoot the end of a bit array when testing a bit at the end of the bit array, even if it never needs to look at those memory locations. This can cause a spurious segmentation fault. If we allocate a little extra memory, it avoids this problem. See: http://faydoc.tripod.com/cpu/bt.htm

This doesn't happen on Linux, probably because of how glibc's malloc() function works, but apparently it's a major problem on the *BSD operating systems.

Addresses-Sourceforge-Bug: #2328708
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

-rw-r--r-- lib/ext2fs/gen_bitmap.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/ext2fs/gen_bitmap.c b/lib/ext2fs/gen_bitmap.c
index 1f7d2c4c..54a39dcb 100644
--- a/lib/ext2fs/gen_bitmap.c
+++ b/lib/ext2fs/gen_bitmap.c
@@ -103,6 +103,8 @@ errcode_t ext2fs_make_generic_bitmap(errcode_t magic, ext2_filsys fs,
bitmap->description = 0;
size = (size_t) (((bitmap->real_end - bitmap->start) / 8) + 1);
+ /* Round up to allow for the BT x86 instruction */
+ size = (size + 7) & ~3;
retval = ext2fs_get_mem(size, &bitmap->bitmap);
if (retval) {
ext2fs_free_mem(&bitmap->description);
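
Review bot: The comment on the added `size = (size + 7) & ~3;` line says "round up", but the expression does more than that: it always leaves 4 to 7 bytes of slack past the original size and ends on a 4-byte multiple, whereas a plain round-up to 4 would be `(size + 3) & ~3` and would add nothing when size is already aligned. Since the extra padding is the whole point of the change, the comment should say so, for example that the buffer is padded so a 32-bit read by BT at the last byte stays inside the allocation. Two smaller points on the same line: `~3` is an int that only becomes the right mask through sign extension to size_t, so `~(size_t) 3` would make the intent explicit; and the padding is applied only to the local `size` passed to ext2fs_get_mem() here, so it is worth confirming that any other path that allocates, copies or resizes the bitmap buffer from `real_end - start` applies the same padding, otherwise those buffers keep the original overshoot.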