Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-10 Thread WANG Cong
On Sun, Nov 11, 2007 at 11:29:59AM +0800, Miao Xie wrote: >on 2007-11-8 20:11 WANG Cong wrote: >>On Thu, Nov 08, 2007 at 07:47:41PM +0800, WANG Cong wrote: >>>Yes, snprintf is safer than sprintf. But here, the 'count' will be >>>mis-pointed when snprintf returns no less than PAGE_SIZE (what you

Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-10 Thread Miao Xie
on 2007-11-8 20:11 WANG Cong wrote: On Thu, Nov 08, 2007 at 07:47:41PM +0800, WANG Cong wrote: Yes, snprintf is safer than sprintf. But here, the 'count' will be mis-pointed when snprintf returns no less than PAGE_SIZE (what you called overflow). So you may also need: if

Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-10 Thread Miao Xie
on 2007-11-8 20:11 WANG Cong wrote: On Thu, Nov 08, 2007 at 07:47:41PM +0800, WANG Cong wrote: Yes, snprintf is safer than sprintf. But here, the 'count' will be mis-pointed when snprintf returns no less than PAGE_SIZE (what you called overflow). So you may also need: if

Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-10 Thread WANG Cong
On Sun, Nov 11, 2007 at 11:29:59AM +0800, Miao Xie wrote: on 2007-11-8 20:11 WANG Cong wrote: On Thu, Nov 08, 2007 at 07:47:41PM +0800, WANG Cong wrote: Yes, snprintf is safer than sprintf. But here, the 'count' will be mis-pointed when snprintf returns no less than PAGE_SIZE (what you called

Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-08 Thread WANG Cong
On Thu, Nov 08, 2007 at 07:47:41PM +0800, WANG Cong wrote: >On Thu, Nov 08, 2007 at 06:53:40PM +0800, Miao Xie wrote: >>Hi,every one. >> I found that there is a buffer overflow problem in the following code. >> >>Version: 2.6.24-rc2, >>File: kernel/time/clocksource.c:417-432

Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-08 Thread WANG Cong
On Thu, Nov 08, 2007 at 06:53:40PM +0800, Miao Xie wrote: >Hi,every one. > I found that there is a buffer overflow problem in the following code. > >Version: 2.6.24-rc2, >File: kernel/time/clocksource.c:417-432 >

[PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-08 Thread Miao Xie
Hi,every one. I found that there is a buffer overflow problem in the following code. Version:2.6.24-rc2, File: kernel/time/clocksource.c:417-432 static ssize_t sysfs_show_available_clocksources(struct

Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-08 Thread WANG Cong
On Thu, Nov 08, 2007 at 06:53:40PM +0800, Miao Xie wrote: Hi,every one. I found that there is a buffer overflow problem in the following code. Version: 2.6.24-rc2, File: kernel/time/clocksource.c:417-432 static

Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-08 Thread WANG Cong
On Thu, Nov 08, 2007 at 07:47:41PM +0800, WANG Cong wrote: On Thu, Nov 08, 2007 at 06:53:40PM +0800, Miao Xie wrote: Hi,every one. I found that there is a buffer overflow problem in the following code. Version: 2.6.24-rc2, File: kernel/time/clocksource.c:417-432

[PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

2007-11-08 Thread Miao Xie
Hi,every one. I found that there is a buffer overflow problem in the following code. Version:2.6.24-rc2, File: kernel/time/clocksource.c:417-432 static ssize_t sysfs_show_available_clocksources(struct