From 515ea005fd1860a04ee37973aba352d3f3ee6954 Mon Sep 17 00:00:00 2001
From: Keith Mok <kmok@cyngn.com>
Date: Tue, 16 Feb 2016 09:46:04 -0800
Subject: fs_mgr: BLKGETSIZE causes memory corruption

BLKGETSIZE return unsigned long sector size,
but unsigned long is of 8 bytes in 64 bits system.
Passing an integar value will causes stack corruption.
Use BLKGETSIZE64 instead.

Change-Id: If2bf44673f5ab3436f79f0af3252990d56748f5c
---
 fs_mgr/fs_mgr_format.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs_mgr/fs_mgr_format.c b/fs_mgr/fs_mgr_format.c
index e932990..8bda19c 100644
--- a/fs_mgr/fs_mgr_format.c
+++ b/fs_mgr/fs_mgr_format.c
@@ -33,7 +33,7 @@ extern void reset_ext4fs_info();
 
 static int format_ext4(char *fs_blkdev, char *fs_mnt_point, long long fs_length)
 {
-    unsigned int nr_sec;
+    uint64_t dev_sz;
     int fd, rc = 0;
 
     if ((fd = open(fs_blkdev, O_WRONLY, 0644)) < 0) {
@@ -41,7 +41,7 @@ static int format_ext4(char *fs_blkdev, char *fs_mnt_point, long long fs_length)
         return -1;
     }
 
-    if ((ioctl(fd, BLKGETSIZE, &nr_sec)) == -1) {
+    if ((ioctl(fd, BLKGETSIZE64, &dev_sz)) == -1) {
         ERROR("Cannot get block device size.  %s\n", strerror(errno));
         close(fd);
         return -1;
@@ -49,7 +49,7 @@ static int format_ext4(char *fs_blkdev, char *fs_mnt_point, long long fs_length)
 
     /* Format the partition using the calculated length */
     reset_ext4fs_info();
-    info.len = ((off64_t)nr_sec * 512);
+    info.len = (off64_t)dev_sz;
 
     if (fs_length > 0) {
         info.len = fs_length;
-- 
cgit v1.1