From: dim Date: Wed, 14 Dec 2016 19:28:19 +0000 (+0000) Subject: In xbd_connect(), use correct scanf conversion specifiers for the X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=0c8256861b80bccf8f38db07faa7bb97c1f14021;p=people%2Froyger%2Ffreebsd.git In xbd_connect(), use correct scanf conversion specifiers for the feature_barrier and feature_flush variables. Otherwise, adjacent variables on the stack, such as sector_size, may be overwritten, with disastrous results. Note that I did not see a good reason to revert the addition of zero checks introduced in r310013. Better safe than sorry. PR: 215209 Tested by: royger MFC after: 3 days --- diff --git a/sys/dev/xen/blkfront/blkfront.c b/sys/dev/xen/blkfront/blkfront.c index 2e09c2eb4094..9eca2201f89b 100644 --- a/sys/dev/xen/blkfront/blkfront.c +++ b/sys/dev/xen/blkfront/blkfront.c @@ -1259,13 +1259,13 @@ xbd_connect(struct xbd_softc *sc) if (err || phys_sector_size <= sector_size) phys_sector_size = 0; err = xs_gather(XST_NIL, xenbus_get_otherend_path(dev), - "feature-barrier", "%lu", &feature_barrier, + "feature-barrier", "%d", &feature_barrier, NULL); if (err == 0 && feature_barrier != 0) sc->xbd_flags |= XBDF_BARRIER; err = xs_gather(XST_NIL, xenbus_get_otherend_path(dev), - "feature-flush-cache", "%lu", &feature_flush, + "feature-flush-cache", "%d", &feature_flush, NULL); if (err == 0 && feature_flush != 0) sc->xbd_flags |= XBDF_FLUSH;