
[Xen-devel] Re: [PATCH 1/4] extract vmcoreinfo from /proc/vmcore for Xen



Hi,

On Mon, 31 Mar 2008 14:28:26 +0900
Simon Horman <horms@xxxxxxxxxxxx> wrote:

> On Mon, Mar 31, 2008 at 01:25:19PM +0900, Itsuro ODA wrote:
> > This patch is for xen-3.2.0.
> > 
> > --- common/kexec.c.org      2008-03-25 09:29:39.000000000 +0900
> > +++ common/kexec.c  2008-03-28 12:50:33.000000000 +0900
> > @@ -43,6 +43,9 @@
> 
> [snip]
> 
> > +void vmcoreinfo_append_str(const char *fmt, ...)
> > +{
> > +    va_list args;
> > +    char buf[0x50];
> > +    int r;
> > +    size_t note_size = sizeof(Elf_Note) + 
> > ELFNOTE_ALIGN(strlen(VMCOREINFO_NOTE_NAME) + 1);
> > +
> > +    va_start(args, fmt);
> > +    r = vsnprintf(buf, sizeof(buf), fmt, args);
> > +    va_end(args);
> > +
> > +    if (r + vmcoreinfo_size + note_size > VMCOREINFO_BYTES)
> > +   r = VMCOREINFO_BYTES - vmcoreinfo_size - note_size;
> > +
> > +    memcpy(&vmcoreinfo_data[note_size + vmcoreinfo_size], buf, r);
> > +
> > +    vmcoreinfo_size += r;
> > +}
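
Review bot: in vmcoreinfo_append_str(), r is clamped only against the space left in vmcoreinfo_data, never against sizeof(buf), before it is used as the memcpy() length. If vsnprintf() follows C99 here and returns the length the untruncated string would have had, any formatted string longer than 0x50 bytes makes memcpy() read past the end of buf on the stack and copy those bytes into the note. Suggest bounding r first, for example "if (r >= sizeof(buf)) r = sizeof(buf) - 1;", and treating a negative return as an error before the existing VMCOREINFO_BYTES check. A short comment stating that over-long entries are silently truncated would also help callers.
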
> 
> Hi Oda-san,
> 
> It looks like it is possible for both vsnprintf() and
> the "if (r + vmcoreinfo_size + note_size > VMCOREINFO_BYTES)" logic
> to truncate a field. Is this likely to be a problem in practice,
> or is the code just guarding against malformed input?

Just guarding against malformed input.

> Also, this code looks like it will need to be up-ported due to changes
> that I recently made to common/kexec.c and the range fetching portion of
> the hypercall in unstable.  This shouldn't be a big deal, just something
> that is worth mentioning.

I see.

Thanks.
-- 
Itsuro ODA <oda@xxxxxxxxxxxxx>


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

