ufs-utils: fix crash for ufs-utils list_bsg

The full_path buffer in find_bsg_device function consists of: path + '/' + files->d_name + '\0' So the buffer size should be: strlen(path) + strlen(files->d_name) + 2, not: strlen(path) + strlen(files->d_name) + 1. Backport a patch to fix crash when running 32-bit binary on 64-bit system: $ ufs-utils list_bsg malloc(): invalid next size (unsorted) Aborted (core dumped) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-01-01 13:58:06 +00:00 · 2025-07-20 21:42:14 +08:00 · 2025-07-20 21:42:14 +08:00 · f4bd933b30
commit f4bd933b30
parent 2de5071f9a
2 changed files with 40 additions and 0 deletions
--- a/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch
+++ b/meta-filesystems/recipes-utils/ufs-utils/files/0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch
@ -0,0 +1,39 @@
+From 989dcd297223d6896c5892532d14984326fa093d Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Fri, 18 Jul 2025 16:52:57 +0800
+Subject: [PATCH] ufs_cmds: fix full_path buffer size in find_bsg_device
+
+The full_path buffer consists of: path + '/' + files->d_name + '\0'
+So the buffer size should be: strlen(path) + strlen(files->d_name) + 2
+
+Fix crash when running 32-bit binary on 64-bit system:
+$ ufs-utils list_bsg
+malloc(): invalid next size (unsorted)
+Aborted (core dumped)
+
+Fix #58
+
+Upstream-Status: Backport
+[https://github.com/SanDisk-Open-Source/ufs-utils/commit/989dcd297223d6896c5892532d14984326fa093d]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ ufs_cmds.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ufs_cmds.c b/ufs_cmds.c
+index ddb037c..a6faa27 100644
+--- a/ufs_cmds.c
+++ b/ufs_cmds.c
+@@ -1520,7 +1520,7 @@ static int find_bsg_device(char* path, int *counter) {
+ 			if ((strcmp(files->d_name, ".") != 0) &&
+ 			    (strcmp(files->d_name, "..") != 0)) {
+ 				char *full_path = (char *)malloc(strlen(path) +
+-						   strlen(files->d_name) + 1);
+						   strlen(files->d_name) + 2);
+ 				sprintf(full_path, "%s/%s",
+ 					path, files->d_name);
+ 				rc = find_bsg_device(full_path, counter);
+-- 
+2.34.1
+
--- a/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_7.14.12.bb
+++ b/meta-filesystems/recipes-utils/ufs-utils/ufs-utils_7.14.12.bb
@ -7,6 +7,7 @@ BRANCH ?= "dev"
 SRCREV = "dd2e655780424eadf7610de33e5966be19168a95"

 SRC_URI = "git://github.com/westerndigitalcorporation/ufs-utils.git;protocol=https;branch=${BRANCH} \
+           file://0001-ufs_cmds-fix-full_path-buffer-size-in-find_bsg_devic.patch \
          "

 UPSTREAM_CHECK_COMMITS = "1"