> On Nov 21, 2020, at 4:40 PM, Anders Larsen <[email protected]> wrote: > > On Friday, 2020-11-20 22:21 Tong Zhang wrote: >> the di_fname may not terminated by '\0', use strnlen to prevent buffer >> overrun >> >> --- >> fs/qnx4/namei.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/fs/qnx4/namei.c b/fs/qnx4/namei.c >> index 8d72221735d7..c0e79094f578 100644 >> --- a/fs/qnx4/namei.c >> +++ b/fs/qnx4/namei.c >> @@ -40,7 +40,7 @@ static int qnx4_match(int len, const char *name, >> } else { >> namelen = QNX4_SHORT_NAME_MAX; >> } >> - thislen = strlen( de->di_fname ); >> + thislen = strnlen( de->di_fname, QNX4_SHORT_NAME_MAX ); > > that should be > + thislen = strnlen( de->di_fname, namelen ); > otherwise the length of a filename would always be limited to > QNX4_SHORT_NAME_MAX (16) characters. > Why should we put something bigger here if the size of qnx4_inode_entry->di_fname is QNX4_SHORT_NAME_MAX. Won’t that be a problem?
>> if ( thislen > namelen ) >> thislen = namelen; > > These two lines can be dropped now, as the result of strnlen() cannot exceed > namelen anyway. > > Cheers > Anders > >
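Review bot: On the added `strnlen( de->di_fname, QNX4_SHORT_NAME_MAX )` line, the bound is hardcoded even though the context just above it (`} else { namelen = QNX4_SHORT_NAME_MAX; }`) shows that `namelen` is already the limit chosen for this entry, and the other branch, which lies outside the visible context, presumably sets a different value. Passing `namelen` as the bound keeps the scan limited in both cases and turns the following `if ( thislen > namelen ) thislen = namelen;` clamp into dead code that can be removed in the same patch. Reading more than QNX4_SHORT_NAME_MAX bytes through `di_fname` is only safe if the entry really holds a longer name field in that case, which the hunk does not show, so a short comment saying which entry type each limit applies to would settle the sizing question raised in this thread.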

