On Tue, 7 Mar 2006, Chuck Ebbert wrote:
>
> At least one subsystem rolls its own method of adding env vars to the
> uevent buffer, and it's so broken it triggers the WARN_ON() in
> lib/vsprintf.c::vsnprintf() by passing a negative length to that function.

Well, snprintf() should be safe, though. It will warn if the caller is
lazy, but these days, the thing does

	max(buf_size - len, 0)

which should mean that the input layer passes in 0 instead of a negative
number. And snprintf() will then _not_ print anything.

So I think input_add_uevent_bm_var() is safe, even if it's not pretty.

However, input_devices_read() doesn't do any sanity checking at all, and
if that ever ends up printing more than a page, that would be bad. I
didn't look very closely, but it looks worrisome.

Dmitry?

		Linus
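
The clamp-and-accumulate pattern discussed in this message, as an added userspace C sketch (not kernel code and not from the thread). append_clamped() and demo_fill() are hypothetical names, and the sketch relies on C99 vsnprintf() returning the untruncated length, so the running len can grow past the buffer size while nothing is written beyond it.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a kernel function): append formatted text at
 * offset len, clamping the remaining space to 0 instead of letting it go
 * negative. Returns the length the output would have had untruncated,
 * so the caller can detect overflow with (len >= buf_size). */
static int append_clamped(char *buf, int buf_size, int len, const char *fmt, ...)
{
    int remaining = buf_size - len;
    va_list ap;
    int n;

    if (remaining < 0)
        remaining = 0;              /* the max(buf_size - len, 0) clamp */
    va_start(ap, fmt);
    /* With size 0, C99 vsnprintf() writes nothing and only reports length. */
    n = vsnprintf(remaining ? buf + len : NULL, (size_t)remaining, fmt, ap);
    va_end(ap);
    return n < 0 ? len : len + n;
}

/* Constructed scenario: a 16-byte buffer followed by a guard byte, filled
 * by three appends that together need 31 bytes. Returns the accumulated
 * length; *guard_ok reports whether the guard byte survived. */
static int demo_fill(char *out, int out_size, int *guard_ok)
{
    char area[17];
    int len = 0;

    memset(area, 0, sizeof(area));
    area[16] = 0x5a;                /* guard byte just past the buffer */
    len = append_clamped(area, 16, len, "KEY=%s", "0123456789"); /* fits   */
    len = append_clamped(area, 16, len, "EV=%x", 0x120013u);     /* cut    */
    len = append_clamped(area, 16, len, "ABS=%d", 1234);         /* size 0 */
    *guard_ok = (area[16] == 0x5a);
    snprintf(out, (size_t)out_size, "%s", area);
    return len;
}

int main(void)
{
    char out[32];
    int guard = 0;
    int len = demo_fill(out, (int)sizeof(out), &guard);
    printf("len=%d guard_ok=%d buf=\"%s\"\n", len, guard, out);
    return 0;
}
```

A reader function that formats with plain sprintf() into a single page has no equivalent of the remaining-space check, which is the concern raised about input_devices_read().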