[Xen-devel] Re: [PATCH 1/4] extract vmcoreinfo from /proc/vmcore for Xen
Hi,

On Mon, 31 Mar 2008 14:28:26 +0900
Simon Horman <horms@xxxxxxxxxxxx> wrote:

> On Mon, Mar 31, 2008 at 01:25:19PM +0900, Itsuro ODA wrote:
> > This patch is for xen-3.2.0.
> >
> > --- common/kexec.c.org 2008-03-25 09:29:39.000000000 +0900 > > +++ common/kexec.c 2008-03-28 12:50:33.000000000 +0900 > > @@ -43,6 +43,9 @@ > > [snip] > > > +void vmcoreinfo_append_str(const char *fmt, ...) > > +{ > > + va_list args; > > + char buf[0x50]; > > + int r; > > + size_t note_size = sizeof(Elf_Note) + > > ELFNOTE_ALIGN(strlen(VMCOREINFO_NOTE_NAME) + 1); > > + > > + va_start(args, fmt); > > + r = vsnprintf(buf, sizeof(buf), fmt, args); > > + va_end(args); > > + > > + if (r + vmcoreinfo_size + note_size > VMCOREINFO_BYTES) > > + r = VMCOREINFO_BYTES - vmcoreinfo_size - note_size; > > + > > + memcpy(&vmcoreinfo_data[note_size + vmcoreinfo_size], buf, r); > > + > > + vmcoreinfo_size += r; > > +}
>
> Hi Oda-san,
>
> It looks like it is possible for both vsnprintf() and
> the "if (r + vmcoreinfo_size + note_size > VMCOREINFO_BYTES)" logic
> to truncate a field. Is this likely to be a problem in practice,
> or is the code just guarding against malformed input?

Just guarding against malformed input.

> Also, this code looks like it will need to be up-ported due to changes
> that I recently made to common/kexec.c and the range fetching portion of
> the hypercall in unstable. This shouldn't be a big deal, just something
> that is worth mentioning.

I see.

Thanks.
--
Itsuro ODA <oda@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
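Review bot: in vmcoreinfo_append_str(), the length r handed to memcpy() is never clamped to sizeof(buf). If vsnprintf() here follows the C99 convention of returning the length the full string would have had, a formatted line longer than 0x50 bytes leaves r larger than buf, and memcpy(&vmcoreinfo_data[...], buf, r) then reads past the end of the stack buffer and copies adjacent stack contents into the note. Suggest bounding r right after va_end(), for example `if (r < 0) return; if (r > sizeof(buf) - 1) r = sizeof(buf) - 1;`. The VMCOREINFO_BYTES check has a related gap: once vmcoreinfo_size + note_size has reached or passed VMCOREINFO_BYTES, the subtraction assigned to the int r is zero or negative, and a negative r becomes a very large size when converted for memcpy(), so return early when no space is left instead of computing a remainder.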