Re: [PATCH] fat: Read buffer overflow
From: OGAWA Hirofumi
Date: Sat Aug 08 2009 - 06:18:11 EST
OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx> writes:
> Pekka Enberg <penberg@xxxxxxxxxxxxxx> writes:
>
>> Yes, but we pass "ulen" to vfat_is_used_badchars(). The value of
>> "ulen" is a returned in the "longlen" argument of xlate_to_uni() which
>> in turn is calculated as follows for the UTF-8 case:
>>
>> int name_len = strlen(name);
>> *outlen = utf8s_to_utf16s(name, PATH_MAX, (wchar_t *) outname);
>> *outlen -= (name_len - len);
>> *longlen = *outlen;
>>
>> Maybe "*outlen" can never be negative because of some invariants that
>> I don't see but it's so non-obvious to me that I'd like to see the
>> explicit check in vfat_is_used_badchars().
>
> Ah, good point. Sorry, I was looking my tree. I'm going to submit the
> attached patch on next merge window.
>
> Is this enough for it?
BTW, if we want the sanity check of "longlen", I'd like to put it in the
end of xlate_to_uni(), not vfat_is_used_badchars(). Because I think it's
job of xlate_to_uni().
Thanks.
--
OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/