Updated xen patches taken from suse.

[people/teissler/ipfire-2.x.git] / src / patches / suse-2.6.27.25 / patches.fixes / reiserfs-varargs-fix

From: Jeff Mahoney <jeffm@suse.com>
Subject: [PATCH] reiserfs: prepare_error_buf wrongly consumes va_arg

 vsprintf will consume varargs on its own. Skipping them manually
 results in garbage in the error buffer, or Oopses in the case of
 pointers.

 This patch removes the advancement and fixes a number of bugs where
 crashes were observed as side effects of a regular error report.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---

 fs/reiserfs/prints.c |   12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

--- a/fs/reiserfs/prints.c
+++ b/fs/reiserfs/prints.c
@@ -157,19 +157,16 @@ static void sprintf_disk_child(char *buf
                dc_size(dc));
 }
 
-static char *is_there_reiserfs_struct(char *fmt, int *what, int *skip)
+static char *is_there_reiserfs_struct(char *fmt, int *what)
 {
        char *k = fmt;
 
-       *skip = 0;
-
        while ((k = strchr(k, '%')) != NULL) {
                if (k[1] == 'k' || k[1] == 'K' || k[1] == 'h' || k[1] == 't' ||
                    k[1] == 'z' || k[1] == 'b' || k[1] == 'y' || k[1] == 'a') {
                        *what = k[1];
                        break;
                }
-               (*skip)++;
                k++;
        }
        return k;
@@ -193,18 +190,15 @@ static void prepare_error_buf(const char
        char *fmt1 = fmt_buf;
        char *k;
        char *p = error_buf;
-       int i, j, what, skip;
+       int what;
 
        strcpy(fmt1, fmt);
 
-       while ((k = is_there_reiserfs_struct(fmt1, &what, &skip)) != NULL) {
+       while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) {
                *k = 0;
 
                p += vsprintf(p, fmt1, args);
 
-               for (i = 0; i < skip; i++)
-                       j = va_arg(args, int);
-
                switch (what) {
                case 'k':
                        sprintf_le_key(p, va_arg(args, struct reiserfs_key *));