libmount: fix subvolid buffer overflow in get_btrfs_fs_root

diff --git a/libmount/src/tab.c b/libmount/src/tab.c
index 68244f13791e3cb6860eb971296fb7e278799cbb..98ccd7cf32cae0b14db7db02ea72ecd9a3e755d1 100644 (file)
--- a/libmount/src/tab.c
+++ b/libmount/src/tab.c
@@ -1635,7 +1635,10 @@ static int get_btrfs_fs_root(struct libmnt_table *tb, struct libmnt_fs *fs,
 
                DBG(BTRFS, ul_debug(" found subvolid=%s, checking", vol));
 
-               assert (volsz + 1 < sizeof(stringify_value(UINT64_MAX)));
+               /* a subvolid is a u64, so a longer value cannot match any
+                * subvolume; reject it rather than overflow subvolidstr */
+               if (volsz + 1 >= sizeof(subvolidstr))
+                       goto not_found;
                memcpy(subvolidstr, vol, volsz);
                subvolidstr[volsz] = '\0';