From 4a8f8a66459f6d311672c42f8a9ac3661fb79208 Mon Sep 17 00:00:00 2001
From: Jaroslav Skarvada <jskarvad@redhat.com>
Date: Thu, 6 Jan 2011 22:35:00 +0100
Subject: [PATCH] Fixing overflow bug in reclaim_file function, see
 https://bugzilla.redhat.com/show_bug.cgi?id=660154 for more information.

The problem is that alloc_rootdir_entry counts with 10000 files at max, but the
filename buffer is only 8 chars long. Due to pattern mask used it results to
only 10 files at max (FSCK0-9REC). If there is more than 10 files, it overflows
and hangs.

Signed-off-by: Daniel Baumann <mail@daniel-baumann.ch>
---
 src/fat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fat.c b/src/fat.c
index 0dd3cbd..5a0dfb0 100644
--- a/src/fat.c
+++ b/src/fat.c
@@ -474,7 +474,7 @@ void reclaim_file(DOS_FS * fs)
 	    DIR_ENT de;
 	    loff_t offset;
 	    files++;
-	    offset = alloc_rootdir_entry(fs, &de, "FSCK%04dREC");
+	    offset = alloc_rootdir_entry(fs, &de, "FSCK%04d");
 	    de.start = CT_LE_W(i & 0xffff);
 	    if (fs->fat_bits == 32)
 		de.starthi = CT_LE_W(i >> 16);