RE: [PATCH] FS: Fixed buffer overflow issue in seq_read()

From: Charley (Hao Chuan) Chu
Date: Tue Nov 19 2013 - 16:23:16 EST


> m->from is a red herring - it's not even looked at if m->count is 0.

Then, shall the initialization here be removed too?

@@ -90,7 +90,7 @@ static int traverse(struct seq_file *m, loff_t offset)

m->version = 0;
index = 0;
- m->count = m->from = 0;
+ m->count = 0;
if (!offset) {
m->index = index;
return 0;
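Review bot: dropping `m->from = 0` from this reset relies on the invariant stated earlier in the thread, that m->from is never consulted while m->count is 0; that invariant is not visible in the hunk itself, so it should be recorded in the changelog or in a short comment next to `m->count = 0;` so a later reader does not reintroduce the reset or start reading m->from without the m->count guard. It is also worth confirming that the other sites that reset m->count, such as the error path in seq_read() quoted below, preserve the same guard.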

> What do you think about then just abstracing out that now common sequence
> of re-allocating a larger buffer, while clearing m->count?

The following code is duplicated (with slight differences) in both seq_read() and seq_lseek().
It would be nice to have it consolidated in traverse().

while ((err = traverse(m, *ppos)) == -EAGAIN)
;
if (err) {
/* With prejudice... */
m->read_pos = 0;
m->version = 0;
m->index = 0;
m->count = 0;
goto Done;
} else {
m->read_pos = *ppos;
}

Thanks,
Charley

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/