On Wed, 30 Mar 2005, Randy.Dunlap wrote:
> Yum Rayan wrote:
> > On Tue, 29 Mar 2005 09:43:12 -0800, Randy.Dunlap <[email protected]> wrote:
> >
> > > Yum Rayan wrote:
> > >
> > > > - do not write past array index for the boundary case
> > >
> > > I don't see a boundary case problem with the current code,
> > > hence I don't see why the kmalloc(len + 1, GFP_KERNEL) is
> > > needed...
> >
> >
> > 1399 static void who_is_doing_it(void)
> > 1400 {
> > 1401 /* Print out all the args. */
> > 1402 char args[512];
> > 1403 unsigned long i, len = current->mm->arg_end -
> > current->mm->arg_start;
> > 1404
> > 1405 if (len > 512)
> > 1406 len = 512;
> > 1407
> > 1408 len -= copy_from_user(args, (void
> > *)current->mm->arg_start, len);
> > 1409
> > 1410 for (i = 0; i < len; i++) {
> > 1411 if (args[i] == '\0')
> > 1412 args[i] = ' ';
> > 1413 }
> > 1414 args[i] = 0;
> > 1415 printk("ARGS: %s\n", args);
> > 1416 }
> >
> > Let's consider the original code and len = 513
> >
> > After lines 1410 thru 1413, "i" wil be 512. So line 1414 will be
> > "args[512] = 0". But args is 512 byte array with last legally
> > accessible element at 511?
>
> Yes, it's so obvious (now). :)
>
Whoops, that boundary error is mine, sorry about that.
--
Jesper Juhl
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
