Description of problem: This is the same problem described in bug 228706, this time in debugfs' rdump_dirent function (debugfs/dump.c): Version-Release number of selected component (if applicable): e2fsprogs-1.35-12.4.EL4 How reproducible: 100% Steps to Reproduce: See steps in bug 228706 Actual results: The byte after the end of name[] is overwritten. Expected results: The assignment stays within the array bounds.
Created attachment 148065 [details] Patch correcting array usage in rdump_dirent
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
upstream commit for cid-11, cid-12, cid-13 at http://thunk.org/hg/e2fsprogs/?rev/4c321a4ecbd6
Applying a DEV_ACK for Eric Sandeen <sandeen>. This bug was found by coverity and has a patch available.
In cvs as of e2fsprogs-1.35-12.7.el4
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0758.html