于 2013年02月28日 18:41, Jiri Slaby 写道:
> On 02/26/2013 04:43 AM, Chen Gang wrote:
>> >
>> > when strlen pi->location_code is larger than HVCS_CLC_LENGTH + 1,
>> > original implementation can not let hvcsd->p_location_code NUL
>> > terminated.
>> > so need fix it (also can simplify the code)
> It should never be larger because the +1 is exactly for NUL. But it is a
> cleanup, so why not...
>
when strlen(&pi->location_code[0]) == HVCS_CLC_LENGTH + 2
then clclength will be reset to HVCS_CLC_LENGTH.
when call strncpy, the clclength + 1 == HVCS_CLS_LENGTH + 1
but the '\0' of src buf is located at HVCS_CLS_LENGTH + 2.
so no '\0' copied to dest buf.
then the dest buf will not be ended by '\0'.
is it correct ?
:-)
gchen.
>> > Signed-off-by: Chen Gang <gang.c...@asianux.com>
>> > ---
>> > drivers/tty/hvc/hvcs.c | 9 ++-------
>> > 1 files changed, 2 insertions(+), 7 deletions(-)
>> >
>> > diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c
>> > index 1956593..81e939e 100644
>> > --- a/drivers/tty/hvc/hvcs.c
>> > +++ b/drivers/tty/hvc/hvcs.c
>> > @@ -881,17 +881,12 @@ static struct vio_driver hvcs_vio_driver = {
>> > /* Only called from hvcs_get_pi please */
>> > static void hvcs_set_pi(struct hvcs_partner_info *pi, struct hvcs_struct
>> > *hvcsd)
>> > {
>> > - int clclength;
>> > -
>> > hvcsd->p_unit_address = pi->unit_address;
>> > hvcsd->p_partition_ID = pi->partition_ID;
>> > - clclength = strlen(&pi->location_code[0]);
>> > - if (clclength > HVCS_CLC_LENGTH)
>> > - clclength = HVCS_CLC_LENGTH;
>> >
>> > /* copy the null-term char too */
>> > - strncpy(&hvcsd->p_location_code[0],
>> > - &pi->location_code[0], clclength + 1);
>> > + strlcpy(&hvcsd->p_location_code[0],
>> > + &pi->location_code[0], sizeof(hvcsd->p_location_code));
>> > }
>> >
>> > /*
>> >
--
Chen Gang
Asianux Corporation
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
