Re: [PATCH -mm] Don't truncate /proc/PID/environ at 4096 characters

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> >>+
> >>+               if (copy_to_user(buf, page, retval)) {
> >
> >                                                                 ^^^^
> > shouldn't you only copy min(count,retval) bytes? otherwise you could
> > write beyond the users buffer "buf", right?
>
> AFAIK, 'retval' can never be greater than 'this_len', which can never be
> greater than 'max_len', which can never be greater than 'count'

I think that's not true. 'count' is changing through the iteration.
The difference in the mem_read():

* while (count > 0) {
*     int this_len, retval;
*
*      this_len = (count > PAGE_SIZE) ? PAGE_SIZE : count;
*      retval = access_process_vm(task, src, page, this_len, 0);
*
*      ...
* }

is the fact, that this_len = min(PAGE_SIZE, count) is in the
iteration block, hence retval <= this_len <= count in each iteration
step. So this is ok. But IMHO in your code 'retval' may be bigger than
'count' in the last iteration of the block, because 'max_len' is fix
through your iteration but 'count' is changing. Or am i missing
something?

> James Pearson

Arvin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux