On Fri, Jan 24, 2014 at 01:17:46PM +0100, Denys Vlasenko wrote: > A number of routines wasn't checking that the initial call > to prepend "\0" to result buffer doesn't fail. > > Coredump code was seeing d_path() with zero-sized buffer > to erroneously return bogus data (non-error pointer > pointing before buffer start). > > Users report that this change fixes it.
NAK. Again, this is not dealing with overflows - it's basic sanity check on arguments. Choose which level should that be done at and just do it there. As in "if (!buflen) return -ENAMETOOLONG;". > char *cwd = page + PATH_MAX; > int buflen = PATH_MAX; > > - prepend(&cwd, &buflen, "\0", 1); > - error = prepend_path(&pwd, &root, &cwd, &buflen); > + error = prepend(&cwd, &buflen, "\0", 1); > + if (!error) > + error = prepend_path(&pwd, &root, &cwd, &buflen); Ah, yes - the dreadful case of zero PATH_MAX... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
