Alexander Viro writes:
> It just gets better and better...
Sorry, Al. You're wrong on this one...
> in get_removable_partition()
> if (strcmp (de->name, "disc") == 0) return check_disc_changed (de);
>
> with
> if ( name && (namelen < 1) ) namelen = strlen (name);
> if ( ( new = kmalloc (sizeof *new + namelen, GFP_KERNEL) ) == NULL )
> return NULL;
> ...
> if (name) memcpy (new->name, name, namelen);
>
> in create_entry().
>
> IOW, ->name is not NUL-terminated.
In fact, it is. Take a look at the declaration of struct devfs_entry
and you'll see that there is one byte already taken up for the name
string. So adding the length of the string yields storage for len+1
bytes. IOW, space for the NULL-terminator. And right after the call to
kmalloc(), I call:
memset (new, 0, sizeof *new + namelen);
which zeros everything, including the terminator.
If I missed something as basic as NULL-termination, the thing probably
wouldn't even boot!
Regards,
Richard....
Permanent: rgooch@atnf.csiro.au
Current: rgooch@ras.ucalgary.ca
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 07 2001 - 21:00:28 EST