usr.sbin/makefs/ffs/ffs_bswap.c

CID 974635 : Destination buffer too small (BUFFER_SIZE)
10. buffer_size: You might overrun the 48 byte destination string n->di_db by writing the maximum 60 bytes from o->di_db.
138     memcpy(n->di_db, o->di_db, (NDADDR + NIADDR) * sizeof(u_int32_t));

CID 974636 : Destination buffer too small (BUFFER_SIZE)
20. buffer_size: You might overrun the 16 byte destination string n->di_extb by writing the maximum 136 bytes from o->di_extb.
168     memcpy(n->di_extb, o->di_extb, (NXADDR + NDADDR + NIADDR) * 8);

---------------
Source analysis:

sys/ufs/ufs/dinode.h defines

    typedef int32_t ufs1_daddr_t;
    ...
    struct ufs1_dinode {
    ...
            ufs1_daddr_t di_db[NDADDR]; /* 40: Direct disk blocks. */
            ufs1_daddr_t di_ib[NIADDR]; /* 88: Indirect disk blocks. */
    ...

So both arrays get copied in one memcpy() operation.

Same with CID 974636:

    typedef int64_t ufs2_daddr_t;
    ...
    struct ufs2_dinode {
    ...
            ufs2_daddr_t di_extb[NXADDR];/* 96: External attributes block. */
            ufs2_daddr_t di_db[NDADDR]; /* 112: Direct disk blocks. */
            ufs2_daddr_t di_ib[NIADDR]; /* 208: Indirect disk blocks. */

Three arrays, one memcpy().

---------------
Remedy proposal:

One should consider using two or three separate memcpy() calls.
(I cannot judge whether the alignment of 40 and 88 needs padding bytes on any architecture.)
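Added example, not part of the PR or of the FreeBSD source: a sketch of the per-array copy the report proposes, with compile-time checks for the padding question it raises. `mini_ufs2_dinode`, `copy_addrs`, `flagged_len`, `dest_len` and `check_copy` are hypothetical names, the struct is a constructed stand-in holding only the three address arrays, and the NXADDR/NDADDR/NIADDR values are the ones implied by the byte counts in the Coverity output.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values implied by the byte counts in the Coverity report. */
#define NXADDR 2
#define NDADDR 12
#define NIADDR 3

/* Constructed stand-in for struct ufs2_dinode: address arrays only. */
struct mini_ufs2_dinode {
	int64_t di_extb[NXADDR];
	int64_t di_db[NDADDR];
	int64_t di_ib[NIADDR];
};

/* A single memcpy() across the arrays relies on there being no padding. */
_Static_assert(offsetof(struct mini_ufs2_dinode, di_db) ==
    offsetof(struct mini_ufs2_dinode, di_extb) + NXADDR * sizeof(int64_t),
    "padding between di_extb and di_db");
_Static_assert(offsetof(struct mini_ufs2_dinode, di_ib) ==
    offsetof(struct mini_ufs2_dinode, di_db) + NDADDR * sizeof(int64_t),
    "padding between di_db and di_ib");

/* Length the flagged call passes, versus the size of its destination. */
size_t flagged_len(void) { return (NXADDR + NDADDR + NIADDR) * 8; }
size_t dest_len(void) { return sizeof(((struct mini_ufs2_dinode *)0)->di_extb); }

/* One copy per member, each bounded by the destination member's sizeof. */
void copy_addrs(struct mini_ufs2_dinode *n, const struct mini_ufs2_dinode *o)
{
	memcpy(n->di_extb, o->di_extb, sizeof(n->di_extb));
	memcpy(n->di_db, o->di_db, sizeof(n->di_db));
	memcpy(n->di_ib, o->di_ib, sizeof(n->di_ib));
}

/* Returns 1 when the per-member copy reproduces every address slot. */
int check_copy(void)
{
	struct mini_ufs2_dinode o, n;
	size_t i;
	memset(&n, 0, sizeof(n));
	for (i = 0; i < NXADDR; i++) o.di_extb[i] = 100 + (int64_t)i;
	for (i = 0; i < NDADDR; i++) o.di_db[i] = 200 + (int64_t)i;
	for (i = 0; i < NIADDR; i++) o.di_ib[i] = 300 + (int64_t)i;
	copy_addrs(&n, &o);
	return memcmp(&n, &o, sizeof(o)) == 0;
}
int main(void) { return check_copy() ? 0 : 1; }
```

With each length taken from `sizeof` of the destination member, no call writes past the array it names, which is the condition the BUFFER_SIZE checker tests.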
Bulk taking makefs bugs.
Handing a number of makefs, mtree, and msdosfs bugs in my queue over to emaste@.
Reset assignee - I am not currently looking at this PR.
Fixed in base r299461