Re: filldir[64] oddness

From: Stephen Rothwell
Date: Wed Mar 08 2006 - 23:33:20 EST

Next message: Christoph Lameter: "No zone_reclaim if PF_MALLOC is set."
Previous message: Jesse Barnes: "Re: [PATCH] Document Linux's memory barriers [try #2]"
In reply to: Vadim Lobanov: "Re: filldir[64] oddness"
Next in thread: Al Viro: "Re: filldir[64] oddness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 8 Mar 2006 23:27:44 -0500 Dave Jones <davej@xxxxxxxxxx> wrote:
>
> I'm puzzled by an aparent use of uninitialised memory
> that coverity's checker picked up.
>
> fs/readdir.c
>
> #define NAME_OFFSET(de) ((int) ((de)->d_name - (char __user *) (de)))
> #define ROUND_UP(x) (((x)+sizeof(long)-1) & ~(sizeof(long)-1))
>
> 140 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
> 141 ino_t ino, unsigned int d_type)
> 142 {
> 143 struct linux_dirent __user * dirent;
> 144 struct getdents_callback * buf = (struct getdents_callback *) __buf
> 145 int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 2);
>
> How come that NAME_OFFSET isn't causing an oops when
> it dereferences stackjunk->d_name ?

because d_name is an array, so the reference is really &(dirent->d_name[0]) and no
dereference occurs ...

--
Cheers,
Stephen Rothwell sfr@xxxxxxxxxxxxxxxx
http://www.canb.auug.org.au/~sfr/

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Christoph Lameter: "No zone_reclaim if PF_MALLOC is set."
Previous message: Jesse Barnes: "Re: [PATCH] Document Linux's memory barriers [try #2]"
In reply to: Vadim Lobanov: "Re: filldir[64] oddness"
Next in thread: Al Viro: "Re: filldir[64] oddness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]