[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <51A4931D.9090209@asianux.com>
Date: Tue, 28 May 2013 19:21:01 +0800
From: Chen Gang <gang.chen@...anux.com>
To: Will Deacon <will.deacon@....com>
CC: Catalin Marinas <Catalin.Marinas@....com>,
"vgupta@...opsys.com" <vgupta@...opsys.com>,
Tony Lindgren <tony@...mide.com>,
Santosh Shilimkar <santosh.shilimkar@...com>,
Andrew Morton <akpm@...ux-foundation.org>,
Rusty Russell <rusty@...tcorp.com.au>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Linux-Arch <linux-arch@...r.kernel.org>
Subject: Re: [PATCH v2] arch: arm64: kernel: sprintf(), 'str' needs additional
1 byte for failure processing
On 05/28/2013 06:42 PM, Will Deacon wrote:
> Hello,
>
> On Mon, May 27, 2013 at 03:00:12AM +0100, Chen Gang wrote:
>> >
>> > When failure occurs at the last looping cycle (when 'i == 0'), it will
>> > print "bad PC value" instead of "(%08x) ", which needs additional 1
>> > byte.
>> >
>> > If not add 1 byte, the 'str' may be memory overflow.
>> >
>> >
>> > Signed-off-by: Chen Gang <gang.chen@...anux.com>
>> > ---
>> > arch/arm64/kernel/traps.c | 2 +-
>> > 1 files changed, 1 insertions(+), 1 deletions(-)
>> >
>> > diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
>> > index 61d7dd2..c2f68d2 100644
>> > --- a/arch/arm64/kernel/traps.c
>> > +++ b/arch/arm64/kernel/traps.c
>> > @@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs)
>> > {
>> > unsigned long addr = instruction_pointer(regs);
>> > mm_segment_t fs;
>> > - char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str;
>> > + char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str;
>> > int i;
> Whilst this code is difficult to follow, I don't think it's incorrect.
> The size of the str array is:
>
> sizeof("00000000 ") = 8 ('0's) + 1 (space) + 1 (NUL) = 10 bytes
Oh, it is my fault, I miss the "1 (NUL)".
> *5 = 50 bytes
> +2 (for the two brackets when i == 0) = 52 bytes
> +1 (this is for the "bad PC value") = 53 bytes
>
> In the worst case (when the PC is bad) we print:
>
> "%08x " x4 = (8 + 1 + 1) *4 = 40 bytes
Actually, it is 36 bytes, for sprintf() return the length excluding NUL.
(although, we still need notice the last NUL)
> "bad PC value" = 12 + 1 = 13 bytes
>
> so again, 53 bytes.
>
So again, 49 bytes. ;-)
> .. or have I missed a character somewhere?
>
NO, I missed characters, but you 'find' more characters. :-)
All together, this patch is incorrect, original implementation will not
cause issue.
Thanks
--
Chen Gang
Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists