xfs_scrub: fix buffer overflow in string_escape

Need to allocate one more byte for the null terminator, just in case the
/entire/ input string consists of non-printable bytes e.g. emoji.

Cc: <linux-xfs@vger.kernel.org> # v4.15.0
Fixes: 396cd0223598bb ("xfs_scrub: warn about suspicious characters in directory/xattr names")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Andrey Albershteyn <aalbersh@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>

diff --git a/scrub/common.c b/scrub/common.c
index 6eb3c026dc5ac97421c30b1298ad1e7be183091f..2b2d4a67bc47a23b29749a808acecaba4a6c4b26 100644 (file)
--- a/scrub/common.c
+++ b/scrub/common.c
@@ -320,7 +320,11 @@ string_escape(
        char                    *q;
        int                     x;
 
-       str = malloc(strlen(in) * 4);
+       /*
+        * Each non-printing byte renders as a four-byte escape sequence, so
+        * allocate 4x the input length, plus a byte for the null terminator.
+        */
+       str = malloc(strlen(in) * 4 + 1);
        if (!str)
                return NULL;
        for (p = in, q = str; *p != '\0'; p++) {