From 22075f09fc3ae7898995075dca8700c97dc67f39 Mon Sep 17 00:00:00 2001
From: zt20xx <dev03303@linx-info.com>
Date: Thu, 27 Mar 2025 10:37:25 +0800
Subject: [PATCH] mkfs.bfs fix memory leak

(cherry picked from commit 705475ca5a5532de3c35555951c1a9895eefc0dc)
---
 mkfs.bfs-fix-memory-leaks-and-weak-code.patch | 108 ++++++++++++++++++
 util-linux.spec                               |  10 +-
 2 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 mkfs.bfs-fix-memory-leaks-and-weak-code.patch

diff --git a/mkfs.bfs-fix-memory-leaks-and-weak-code.patch b/mkfs.bfs-fix-memory-leaks-and-weak-code.patch
new file mode 100644
index 0000000..86d3624
--- /dev/null
+++ b/mkfs.bfs-fix-memory-leaks-and-weak-code.patch
@@ -0,0 +1,108 @@
+From 2c6ce1240f118a2d00ad93060da409c3995b7f67 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 1 Apr 2025 15:54:07 +0200
+Subject: [PATCH] mkfs.bfs: fix memory leaks and weak code
+
+- use size_t to store strlen() result
+- init superblock with the default volume and fsname
+- don't use strdup(), it's unnecessary as getopt_long() does not
+  modify arguments
+- don't use memcpy() as we need to check string sizes
+- restrict verbose output 6 bytes
+
+Addresses: https://github.com/util-linux/util-linux/pull/3488
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ disk-utils/mkfs.bfs.c | 34 ++++++++++++++++++++++------------
+ 1 file changed, 22 insertions(+), 12 deletions(-)
+
+diff --git a/disk-utils/mkfs.bfs.c b/disk-utils/mkfs.bfs.c
+index 895a1f27b..d18589ab2 100644
+--- a/disk-utils/mkfs.bfs.c
++++ b/disk-utils/mkfs.bfs.c
+@@ -103,7 +103,7 @@ static void __attribute__((__noreturn__)) usage(void)
+ 
+ int main(int argc, char **argv)
+ {
+-	char *device, *volume, *fsname;
++	char *device, *volume = NULL, *fsname = NULL;
+ 	char *lockmode = 0;
+ 	long inodes;
+ 	unsigned long long total_blocks, ino_bytes, ino_blocks, data_blocks;
+@@ -111,12 +111,16 @@ int main(int argc, char **argv)
+ 	int verbose = 0;
+ 	int fd;
+ 	uint32_t first_block;
+-	struct bfssb sb;
+ 	struct bfsi ri;
+ 	struct bfsde de;
+ 	struct stat statbuf;
+ 	time_t now;
+-	int c, i, len;
++	int c, i;
++	size_t len;
++	struct bfssb sb = {
++		.s_fsname = "\x20\x20\x20\x20\x20\x20",
++		.s_volume = "\x20\x20\x20\x20\x20\x20"
++	};
+ 
+ 	enum {
+ 	    VERSION_OPTION = CHAR_MAX + 1,
+@@ -145,7 +149,6 @@ int main(int argc, char **argv)
+ 	if (argc == 2 && !strcmp(argv[1], "-V"))
+ 		print_version(EXIT_SUCCESS);
+ 
+-	volume = fsname = "      ";	/* is there a default? */
+ 	inodes = 0;
+ 
+ 	while ((c = getopt_long(argc, argv, "N:V:F:vhcl", longopts, NULL)) != -1) {
+@@ -155,17 +158,21 @@ int main(int argc, char **argv)
+ 			break;
+ 
+ 		case 'V':
++			if (volume)
++				errx(EXIT_FAILURE, _("more than one volume"));
+ 			len = strlen(optarg);
+-			if (len <= 0 || len > 6)
++			if (!len || len > sizeof(sb.s_volume))
+ 				errx(EXIT_FAILURE, _("volume name too long"));
+-			volume = xstrdup(optarg);
++			volume = optarg;
+ 			break;
+ 
+ 		case 'F':
++			if (fsname)
++				errx(EXIT_FAILURE, _("more than one fsname"));
+ 			len = strlen(optarg);
+-			if (len <= 0 || len > 6)
++			if (!len || len > sizeof(sb.s_fsname))
+ 				errx(EXIT_FAILURE, _("fsname name too long"));
+-			fsname = xstrdup(optarg);
++			fsname = optarg;
+ 			break;
+ 
+ 		case 'v':
+@@ -260,13 +267,16 @@ int main(int argc, char **argv)
+ 	sb.s_start = cpu_to_le32(ino_bytes + sizeof(struct bfssb));
+ 	sb.s_end = cpu_to_le32(total_blocks * BFS_BLOCKSIZE - 1);
+ 	sb.s_from = sb.s_to = sb.s_backup_from = sb.s_backup_to = -1;
+-	memcpy(sb.s_fsname, fsname, 6);
+-	memcpy(sb.s_volume, volume, 6);
++
++	if (fsname)
++		str2memcpy(sb.s_fsname, fsname, sizeof(sb.s_fsname));
++	if (volume)
++		str2memcpy(sb.s_volume, volume, sizeof(sb.s_volume));
+ 
+ 	if (verbose) {
+ 		fprintf(stderr, _("Device: %s\n"), device);
+-		fprintf(stderr, _("Volume: <%-6s>\n"), volume);
+-		fprintf(stderr, _("FSname: <%-6s>\n"), fsname);
++		fprintf(stderr, _("Volume: <%.6s>\n"), sb.s_volume);
++		fprintf(stderr, _("FSname: <%.6s>\n"), sb.s_fsname);
+ 		fprintf(stderr, _("BlockSize: %d\n"), BFS_BLOCKSIZE);
+ 		if (ino_blocks == 1)
+ 			fprintf(stderr, _("Inodes: %ld (in 1 block)\n"),
+-- 
+2.20.1
+
diff --git a/util-linux.spec b/util-linux.spec
index 9c49700..3dc280c 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -3,7 +3,7 @@
 
 Name:           util-linux
 Version:        2.39.1
-Release:        19
+Release:        20
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -107,6 +107,7 @@ Patch9001:      util-linux-Add-sw64-architecture.patch
 Patch9002:      sfdisk-fix-crash-casued-by-out-of-bounds-access.patch
 Patch9003:      add-new-gmo-file.patch
 Patch9004:      mount-fix-use-option-owner-mount-failed.patch
+Patch9005:      mkfs.bfs-fix-memory-leaks-and-weak-code.patch
 
 BuildRequires:  audit-libs-devel >= 1.0.6 gettext-devel libselinux-devel ncurses-devel pam-devel zlib-devel popt-devel
 BuildRequires:  libutempter-devel systemd-devel systemd libuser-devel libcap-ng-devel python3-devel gcc autoconf automake
@@ -483,6 +484,13 @@ fi
 %endif
 
 %changelog
+* Thu Mar 27 2025 zhangting <dev03303@linx-info.com> - 2.39.1-20
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix an issue that mkfs.bfs fix memory leak
+	mkfs.bfs-fix-memory-leaks-and-weak-code.patch
+
 * Tue Mar 25 2025 zhangyao <zhangyao108@huawei.com> - 2.39.1-19
 - Type: bugfix
 - CVE: NA
-- 
Gitee