From 51e64594919c986f87267b895504322a38ec4fac Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Mon, 7 Sep 2009 16:21:49 -0400 Subject: [PATCH] libext2fs: Round up the bitmap size when allocating a new bitmap The x86 BT assembly instruction can overshoot the end of a bit array when testing a bit at the end of the bit array, even if it never needs to look at those memory locations. This can cause a spurious segmentation fault. If we allocate a little extra memory, it avoids this problem. See: http://faydoc.tripod.com/cpu/bt.htm This doesn't happen on Linux, probably because of how glibc's malloc() function works, but apparently it's a major problem on the *BSD operating systems. Addresses-Sourceforge-Bug: #2328708 Signed-off-by: "Theodore Ts'o" --- lib/ext2fs/gen_bitmap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/ext2fs/gen_bitmap.c b/lib/ext2fs/gen_bitmap.c index 1f7d2c4cf..54a39dcb5 100644 --- a/lib/ext2fs/gen_bitmap.c +++ b/lib/ext2fs/gen_bitmap.c @@ -103,6 +103,8 @@ errcode_t ext2fs_make_generic_bitmap(errcode_t magic, ext2_filsys fs, bitmap->description = 0; size = (size_t) (((bitmap->real_end - bitmap->start) / 8) + 1); + /* Round up to allow for the BT x86 instruction */ + size = (size + 7) & ~3; retval = ext2fs_get_mem(size, &bitmap->bitmap); if (retval) { ext2fs_free_mem(&bitmap->description); -- 2.47.2
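Review bot: the added line `size = (size + 7) & ~3;` does more than the comment above it says. It rounds the size up to a multiple of 4 and then adds a further 4 bytes of slack (a plain round-up to 4 would be `(size + 3) & ~3`), so the result is 4 to 7 bytes larger than the computed size. The comment should say that the extra word is intentional and how far past the last bit BT is expected to read, otherwise a later cleanup may "correct" the 7 to a 3. `~3` is an `int` here and masks correctly only because it is sign-extended on conversion to `size_t`; `~(size_t) 3` says the same thing without relying on that. The padding is also applied only at this `ext2fs_get_mem()` call in `ext2fs_make_generic_bitmap()`, so it is worth confirming that no other path allocates or resizes `bitmap->bitmap` from the unpadded size, or moving the size calculation into one helper.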