Re: filldir[64] oddness

On Wed, 8 Mar 2006 23:27:44 -0500 Dave Jones <[email protected]> wrote:
>
> I'm puzzled by an aparent use of uninitialised memory
> that coverity's checker picked up.
> 
> fs/readdir.c
> 
> #define NAME_OFFSET(de) ((int) ((de)->d_name - (char __user *) (de)))
> #define ROUND_UP(x) (((x)+sizeof(long)-1) & ~(sizeof(long)-1))
> 
> 140  	static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
> 141  			   ino_t ino, unsigned int d_type)
> 142  	{
> 143  		struct linux_dirent __user * dirent;
> 144  		struct getdents_callback * buf = (struct getdents_callback *) __buf
> 145  		int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 2);
> 
> How come that NAME_OFFSET isn't causing an oops when
> it dereferences stackjunk->d_name ?

because d_name is an array, so the reference is really &(dirent->d_name[0]) and no
dereference occurs ...

-- 
Cheers,
Stephen Rothwell                    [email protected]
http://www.canb.auug.org.au/~sfr/

Attachment: pgpsUIn9ArSLn.pgp
Description: PGP signature

References:
- filldir[64] oddness
  - From: Dave Jones <[email protected]>

Prev by Date: Re: [PATCH] Document Linux's memory barriers [try #2]
Next by Date: Re: [PATCH] Document Linux's memory barriers [try #2]
Previous by thread: Re: filldir[64] oddness
Next by thread: Re: filldir[64] oddness
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]