On 2019-02-05, Andy Shevchenko wrote:
> On Sun, Feb 3, 2019 at 9:04 PM Mattias Jacobsson <[email protected]> wrote:
> > On 2019-01-30, Andy Shevchenko wrote:
> > > On Wed, Jan 30, 2019 at 5:15 PM Mattias Jacobsson <[email protected]> wrote:
> 
> > > > +       if (len < 0 || len >= 500) {
> > >
> > > Would it even be possible to get a negative number here?
> > > Same for any other number than slightly bigger than 36.
> >
> > snprintf returns a negative number on error. BTW AFAIU the code from
> > file2alias.c gets dynamically linked against a libc.
> 
> OK.
> 
> > > So, what about simple
> > >
> > > {
> > >  DEF_FIELD_ADDR(...);
> > >  size_t len;
> > >
> > >  len = strlen(*guid_string);
> > >  if (len != ...) {
> > >   ...
> > >  }
> > > sprintf(...);
> > > return 1;
> > > }
> > >
> > > ?
> >
> > Then we are missing the check that we are within the bounds of alias
> 
> I don't see how. By checking the length of the string we can be sure that
> the result would have a non-arbitrary length.

If you do s/500/ALIAS_SIZE/ on the patch? My code is written with that
in mind, I guess that wasn't totally clear.

BTW I've posted [1] to introduce the ALIAS_SIZE macro.

[1]: https://lore.kernel.org/lkml/[email protected]/

> 
> > as well as the negative code from s*printf(). snprintf() does this nicely
> > for us.
> 
> This one I agree with, means in the above example we may do
> 
> return sprintf(...);
> 
> if callers recognize just a sign, or
> 
> len = sprintf(...);
> if (len < 0)
>  return len; // -1? 0?
> 
> return 1;
> 
> otherwise.

Great

> 
> -- 
> With Best Regards,
> Andy Shevchenko

Thanks,
Mattias
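
The two approaches discussed in this thread, side by side, as an added example that is not code from the patch or from file2alias.c. The function names, the `example:` prefix and the sample GUID are constructed for illustration; `ALIAS_SIZE` is given the value 500 used in the quoted check.

```c
#include <stdio.h>
#include <string.h>

#define ALIAS_SIZE 500         /* bound from the quoted check */
#define GUID_LEN   36          /* expected length of the GUID string */
#define PREFIX     "example:"  /* constructed prefix (assumption) */

/* Variant A: let snprintf() report both failure modes.
 * Returns 1 on success, 0 on output error or truncation. */
static int alias_snprintf(char *alias, size_t size, const char *guid)
{
    int len = snprintf(alias, size, PREFIX "%s", guid);

    /* len < 0: output error; len >= size: result did not fit */
    if (len < 0 || (size_t)len >= size)
        return 0;
    return 1;
}

/* Variant B: validate the input length first, then format.
 * Returns 1 on success, 0 on bad input or formatting error. */
static int alias_strlen(char *alias, size_t size, const char *guid)
{
    if (strlen(guid) != GUID_LEN)
        return 0;
    /* With a fixed input length the output length is known up front. */
    if (sizeof(PREFIX) - 1 + GUID_LEN >= size)
        return 0;
    return sprintf(alias, PREFIX "%s", guid) < 0 ? 0 : 1;
}

int main(void)
{
    /* Constructed sample input, exactly GUID_LEN characters long. */
    const char *guid = "00000000-0000-0000-0000-000000000000";
    char alias[ALIAS_SIZE];
    char tiny[16];

    printf("A, full buffer:  %d\n", alias_snprintf(alias, sizeof(alias), guid));
    printf("A, tiny buffer:  %d\n", alias_snprintf(tiny, sizeof(tiny), guid));
    printf("B, full buffer:  %d\n", alias_strlen(alias, sizeof(alias), guid));
    printf("B, short input:  %d\n", alias_strlen(alias, sizeof(alias), "1234"));
    return 0;
}
```

Variant A catches an oversized result only after formatting, while variant B rejects any input that is not exactly `GUID_LEN` characters before writing anything.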
