Re: [PATCH] lib/parser: cleanup match_number()

From: Andrew Morton
Date: Fri Oct 08 2010 - 15:13:35 EST

Next message: Zimny Lech: "Re: mmotm 2010-10-07-14-08 uploaded"
Previous message: Christoph Hellwig: "Re: [PATCH 15/18] fs: introduce a per-cpu last_ino allocator"
In reply to: Namhyung Kim: "[PATCH] lib/parser: cleanup match_number()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 9 Oct 2010 00:44:17 +0900
Namhyung Kim <namhyung@xxxxxxxxx> wrote:

> Use new variable 'len' to make code more readable.
>
> Signed-off-by: Namhyung Kim <namhyung@xxxxxxxxx>
> ---
> lib/parser.c | 7 ++++---
> 1 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/lib/parser.c b/lib/parser.c
> index fb34977..6e89eca 100644
> --- a/lib/parser.c
> +++ b/lib/parser.c
> @@ -128,12 +128,13 @@ static int match_number(substring_t *s, int *result, int base)
> char *endp;
> char *buf;
> int ret;
> + size_t len = s->to - s->from;
>
> - buf = kmalloc(s->to - s->from + 1, GFP_KERNEL);
> + buf = kmalloc(len + 1, GFP_KERNEL);
> if (!buf)
> return -ENOMEM;
> - memcpy(buf, s->from, s->to - s->from);
> - buf[s->to - s->from] = '\0';
> + memcpy(buf, s->from, len);
> + buf[len] = '\0';
> *result = simple_strtol(buf, &endp, base);
> ret = 0;
> if (endp == buf)

Fair enough. `len' should strictly be ptrdiff_t and then later on it
wants to be size_t. I can't think of much to do about that...

The function itself looks a bit buggy to me:

static int match_number(substring_t *s, int *result, int base)
{
char *endp;
char *buf;
int ret;
size_t len = s->to - s->from;

buf = kmalloc(len + 1, GFP_KERNEL);
if (!buf)
return -ENOMEM;
memcpy(buf, s->from, len);
buf[len] = '\0';
*result = simple_strtol(buf, &endp, base);
ret = 0;
if (endp == buf)
ret = -EINVAL;
kfree(buf);
return ret;
}

afaict, if you feed it "12q34" then simple_strtoul() will return a
pointer to the 'q' and the result is 12. The `if (endp == buf)' check
will return false, so this function's attempt to check that all digits
were valid doesn't work right.

If I'm correct, that's fixable by using strict_strtol() or by switching
the test to "if (*endp == '\0')" or similar. But fixing this may
easily break existing kernel code and existing machine installations,
so we need to tread carefully.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Zimny Lech: "Re: mmotm 2010-10-07-14-08 uploaded"
Previous message: Christoph Hellwig: "Re: [PATCH 15/18] fs: introduce a per-cpu last_ino allocator"
In reply to: Namhyung Kim: "[PATCH] lib/parser: cleanup match_number()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]