On Wed, Mar 08, 2006 at 08:32:04PM -0800, David S. Miller wrote:
> From: Dave Jones <[email protected]>
> Date: Wed, 8 Mar 2006 23:27:44 -0500
>
> > #define NAME_OFFSET(de) ((int) ((de)->d_name - (char __user *) (de)))
> > #define ROUND_UP(x) (((x)+sizeof(long)-1) & ~(sizeof(long)-1))
> >
> > 140 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
> > 141 ino_t ino, unsigned int d_type)
> > 142 {
> > 143 struct linux_dirent __user * dirent;
> > 144 struct getdents_callback * buf = (struct getdents_callback *) __buf
> > 145 int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 2);
> >
> > How come that NAME_OFFSET isn't causing an oops when
> > it dereferences stackjunk->d_name ?
>
> d_name a char[] array, and we're just doing pointer arithmetic
> here. It's the same as "offsetof(d_name, struct linux_dirent)"
> or something like that.
Duh, yes. Of course.
> I think coverity is being trigger happy in this case :-)
agreed.
Dave
--
http://www.codemonkey.org.uk
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
