| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Jul 2019 18:58:50 +0800
From: Chuhong Yuan <hslester96@...il.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: LKML <linux-kernel@...r.kernel.org>, Marc Zyngier <maz@...nel.org>
Subject: Re: [PATCH 05/12] genirq/debugfs: Replace strncmp with str_has_prefix
Thomas Gleixner <tglx@...utronix.de> 于2019年7月30日周二 下午5:17写道:
>
> On Mon, 29 Jul 2019, Chuhong Yuan wrote:
>
> > strncmp(str, const, len) is error-prone.
> > We had better use newly introduced
> > str_has_prefix() instead of it.
>
> Can you please provide a proper explanation why the below strncmp() is
> error prone?
>
If the size is less than 7, for example, 2, then even if buf is "tr", the
result will still be true. This is an error.
strncmp(str, const, len) is error-prone mainly because the len is easy
to be wrong.
> Just running a script and copying some boiler plate changelog saying
> 'strncmp() is error prone' does not cut it.
>
> > - if (!strncmp(buf, "trigger", size)) {
> > + if (str_has_prefix(buf, "trigger")) {
>
> Especially when the resulting code is not equivalent.
>
I think here the semantic is the comparison should only return true
when buf is "trigger".
The buf's size is 8 and the string's size is at most 7.
Since str_has_prefix()'s implementation is strncmp(str, prefix, strlen(prefix)),
here strlen(prefix) = 7, I think it satisfies the requirement.
Regards,
Chuhong
> Thanks,
>
> tglx
Powered by blists - more mailing lists