Re: [PATCH] RDMA/ocrdma: Fix an off-by-one issue in 'ocrdma_add_stat'

From: Dan Carpenter
Date: Thu Apr 16 2020 - 09:09:27 EST

Next message: Mark Brown: "Re: linux-next: Fixes tags needs some work in the sound-asoc tree"
Previous message: Arnd Bergmann: "Re: [PATCH 1/2] arm64: Sort vendor-specific errata"
Next in thread: Jason Gunthorpe: "Re: [PATCH] RDMA/ocrdma: Fix an off-by-one issue in 'ocrdma_add_stat'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 14, 2020 at 03:34:41PM -0300, Jason Gunthorpe wrote:
> The memcpy is still kind of silly right? What about this:
>
> static int ocrdma_add_stat(char *start, char *pcur, char *name, u64 count)
> {
> size_t len = (start + OCRDMA_MAX_DBGFS_MEM) - pcur;
> int cpy_len;
>
> cpy_len = snprintf(pcur, len, "%s: %llu\n", name, count);
> if (cpy_len >= len || cpy_len < 0) {

The kernel version of snprintf() doesn't and will never return
negatives. It would cause a huge security headache if it started
returning negatives.

> pr_err("%s: No space in stats buff\n", __func__);
> return 0;
> }

regards,
dan carpenter

Next message: Mark Brown: "Re: linux-next: Fixes tags needs some work in the sound-asoc tree"
Previous message: Arnd Bergmann: "Re: [PATCH 1/2] arm64: Sort vendor-specific errata"
Next in thread: Jason Gunthorpe: "Re: [PATCH] RDMA/ocrdma: Fix an off-by-one issue in 'ocrdma_add_stat'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]