xfs_db: don't print arrays off the end of a buffer
authorDarrick J. Wong <darrick.wong@oracle.com>
Tue, 2 May 2017 16:12:54 +0000 (11:12 -0500)
committerEric Sandeen <sandeen@redhat.com>
Tue, 2 May 2017 16:12:54 +0000 (11:12 -0500)
Before printing an array, clamp the array count against the size of the
buffer so that we don't print random heap contents.

[sandeen: re-use fsz variable in call to prfunc]

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
db/print.c

index e31372ff62e4dd547a4b7e39b87e4f805c0ed055..0da36c278b90274a2d6e69073b95ade52f692852 100644 (file)
@@ -144,10 +144,19 @@ print_flist_1(
                        if (fl->flags & FL_OKHIGH)
                                count = min(count, fl->high - low + 1);
                        if (fa->prfunc) {
+                               int     fsz;
+                               int     bitlen;
+
+                               /* Don't read an array off the end of the buffer */
+                               fsz = fsize(f, iocur_top->data, parentoff, 0);
+                               bitlen = iocur_top->len * NBBY;
+                               if ((f->flags & FLD_ARRAY) &&
+                                   fl->offset + (count * fsz) > bitlen) {
+                                       count = (bitlen - fl->offset) / fsz;
+                               }
+
                                neednl = fa->prfunc(iocur_top->data, fl->offset,
-                                       count, fa->fmtstr,
-                                       fsize(f, iocur_top->data, parentoff, 0),
-                                       fa->arg, low,
+                                       count, fa->fmtstr, fsz, fa->arg, low,
                                        (f->flags & FLD_ARRAY) != 0);
                                if (neednl)
                                        dbprintf("\n");
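Review bot: The new clamp in the `fa->prfunc` branch can itself hand `prfunc` a bad count. If `fl->offset` is already past `bitlen`, `(bitlen - fl->offset) / fsz` goes negative (assuming `count` and `fl->offset` are signed like the new `int` locals), and if `fsize()` returns 0 in that case the division is by zero. The guard `fl->offset + (count * fsz) > bitlen` also multiplies before comparing, so a large `count` (likely derived from on-disk values in a tool meant for inspecting damaged filesystems) can overflow `int` and skip the clamp entirely. Comparing by division avoids all three: `if ((f->flags & FLD_ARRAY) && fsz > 0) {` `int room = fl->offset < bitlen ? (bitlen - fl->offset) / fsz : 0;` `count = min(count, room); }`. The rest of print_flist_1 lies outside the hunk, so confirm that the print functions accept a count of 0 before adopting this.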