Move xen patchset to new version's subdir.

[people/teissler/ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.fixes / reiserfs-varargs-fix

diff --git a/src/patches/suse-2.6.27.31/patches.fixes/reiserfs-varargs-fix b/src/patches/suse-2.6.27.31/patches.fixes/reiserfs-varargs-fix
new file mode 100644 (file)
index 0000000..4edd578
--- /dev/null
+++ b/src/patches/suse-2.6.27.31/patches.fixes/reiserfs-varargs-fix
@@ -0,0 +1,60 @@
+From: Jeff Mahoney <jeffm@suse.com>
+Subject: [PATCH] reiserfs: prepare_error_buf wrongly consumes va_arg
+
+ vsprintf will consume varargs on its own. Skipping them manually
+ results in garbage in the error buffer, or Oopses in the case of
+ pointers.
+
+ This patch removes the advancement and fixes a number of bugs where
+ crashes were observed as side effects of a regular error report.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+---
+
+ fs/reiserfs/prints.c |   12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+--- a/fs/reiserfs/prints.c
++++ b/fs/reiserfs/prints.c
+@@ -157,19 +157,16 @@ static void sprintf_disk_child(char *buf
+               dc_size(dc));
+ }
+ 
+-static char *is_there_reiserfs_struct(char *fmt, int *what, int *skip)
++static char *is_there_reiserfs_struct(char *fmt, int *what)
+ {
+       char *k = fmt;
+ 
+-      *skip = 0;
+-
+       while ((k = strchr(k, '%')) != NULL) {
+               if (k[1] == 'k' || k[1] == 'K' || k[1] == 'h' || k[1] == 't' ||
+                   k[1] == 'z' || k[1] == 'b' || k[1] == 'y' || k[1] == 'a') {
+                       *what = k[1];
+                       break;
+               }
+-              (*skip)++;
+               k++;
+       }
+       return k;
+@@ -193,18 +190,15 @@ static void prepare_error_buf(const char
+       char *fmt1 = fmt_buf;
+       char *k;
+       char *p = error_buf;
+-      int i, j, what, skip;
++      int what;
+ 
+       strcpy(fmt1, fmt);
+ 
+-      while ((k = is_there_reiserfs_struct(fmt1, &what, &skip)) != NULL) {
++      while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) {
+               *k = 0;
+ 
+               p += vsprintf(p, fmt1, args);
+ 
+-              for (i = 0; i < skip; i++)
+-                      j = va_arg(args, int);
+-
+               switch (what) {
+               case 'k':
+                       sprintf_le_key(p, va_arg(args, struct reiserfs_key *));