From: Darrick J. Wong Date: Mon, 24 Feb 2025 18:22:08 +0000 (-0800) Subject: xfs_scrub: fix buffer overflow in string_escape X-Git-Tag: v6.14.0~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a55329da927a0fc3cd7c219b9ef2df51a3ae964b;p=thirdparty%2Fxfsprogs-dev.git xfs_scrub: fix buffer overflow in string_escape Need to allocate one more byte for the null terminator, just in case the /entire/ input string consists of non-printable bytes e.g. emoji. Cc: # v4.15.0 Fixes: 396cd0223598bb ("xfs_scrub: warn about suspicious characters in directory/xattr names") Signed-off-by: "Darrick J. Wong" Reviewed-by: Andrey Albershteyn Reviewed-by: Christoph Hellwig --- diff --git a/scrub/common.c b/scrub/common.c index 6eb3c026..2b2d4a67 100644 --- a/scrub/common.c +++ b/scrub/common.c @@ -320,7 +320,11 @@ string_escape( char *q; int x; - str = malloc(strlen(in) * 4); + /* + * Each non-printing byte renders as a four-byte escape sequence, so + * allocate 4x the input length, plus a byte for the null terminator. + */ + str = malloc(strlen(in) * 4 + 1); if (!str) return NULL; for (p = in, q = str; *p != '\0'; p++) {
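Review bot: the size expression in `str = malloc(strlen(in) * 4 + 1);` hard-codes the escape width as a bare 4, so the allocation and the loop that follows can drift apart again if the escape format ever changes. A named constant for the per-byte expansion, used in both the malloc call and the code that emits the escape, would keep the two tied together. The new comment explains the sizing well. It could also state that the terminator byte matters in the worst case where every input byte is escaped, which is the case the commit message describes. The multiplication is also unchecked. If callers only ever pass length-bounded directory or xattr names, saying so in the comment would make clear why wraparound is not a concern here.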