Re: filldir[64] oddness

From: David S. Miller
Date: Wed Mar 08 2006 - 23:29:33 EST

Next message: Vadim Lobanov: "Re: filldir[64] oddness"
Previous message: Randy.Dunlap: "Re: [Updated]: How to become a kernel driver maintainer"
In reply to: Dave Jones: "filldir[64] oddness"
Next in thread: Dave Jones: "Re: filldir[64] oddness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dave Jones <davej@xxxxxxxxxx>
Date: Wed, 8 Mar 2006 23:27:44 -0500

> #define NAME_OFFSET(de) ((int) ((de)->d_name - (char __user *) (de)))
> #define ROUND_UP(x) (((x)+sizeof(long)-1) & ~(sizeof(long)-1))
>
> 140 static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
> 141 ino_t ino, unsigned int d_type)
> 142 {
> 143 struct linux_dirent __user * dirent;
> 144 struct getdents_callback * buf = (struct getdents_callback *) __buf
> 145 int reclen = ROUND_UP(NAME_OFFSET(dirent) + namlen + 2);
>
> How come that NAME_OFFSET isn't causing an oops when
> it dereferences stackjunk->d_name ?

d_name a char[] array, and we're just doing pointer arithmetic
here. It's the same as "offsetof(d_name, struct linux_dirent)"
or something like that.

I think coverity is being trigger happy in this case :-)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vadim Lobanov: "Re: filldir[64] oddness"
Previous message: Randy.Dunlap: "Re: [Updated]: How to become a kernel driver maintainer"
In reply to: Dave Jones: "filldir[64] oddness"
Next in thread: Dave Jones: "Re: filldir[64] oddness"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]