Re: [PATCH 3/5] blktrace: fix off-by-one bug
From: Ingo Molnar
Date: Tue Mar 24 2009 - 04:28:31 EST
* Li Zefan <lizf@xxxxxxxxxxxxxx> wrote:
> 'what' is used as the index of array what2act, so it can't >= the array size.
>
> Signed-off-by: Li Zefan <lizf@xxxxxxxxxxxxxx>
> ---
> kernel/trace/blktrace.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
> index 9af4143..0e91caa 100644
> --- a/kernel/trace/blktrace.c
> +++ b/kernel/trace/blktrace.c
> @@ -1149,7 +1149,7 @@ static enum print_line_t blk_trace_event_print(struct trace_iterator *iter,
> if (!trace_print_context(iter))
> return TRACE_TYPE_PARTIAL_LINE;
>
> - if (unlikely(what == 0 || what > ARRAY_SIZE(what2act)))
> + if (unlikely(what == 0 || what >= ARRAY_SIZE(what2act)))
> ret = trace_seq_printf(s, "Bad pc action %x\n", what);
> else {
> const bool long_act = !!(trace_flags & TRACE_ITER_VERBOSE);
> @@ -1196,7 +1196,7 @@ static enum print_line_t blk_tracer_print_line(struct trace_iterator *iter)
> t = (const struct blk_io_trace *)iter->ent;
> what = t->action & ((1 << BLK_TC_SHIFT) - 1);
>
> - if (unlikely(what == 0 || what > ARRAY_SIZE(what2act)))
> + if (unlikely(what == 0 || what >= ARRAY_SIZE(what2act)))
ah, nice. How did you notice - did we miss "remap" events due to
this bug?
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/