[Xen-devel] Re: [PATCH 1/4] extract vmcoreinfo from /proc/vmcore for Xen

To: Itsuro ODA <oda@xxxxxxxxxxxxx>
Subject: [Xen-devel] Re: [PATCH 1/4] extract vmcoreinfo from /proc/vmcore for Xen
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Mon, 31 Mar 2008 14:28:26 +0900
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, kexec@xxxxxxxxxxxxxxxxxxx
On Mon, Mar 31, 2008 at 01:25:19PM +0900, Itsuro ODA wrote:
> This patch is for xen-3.2.0.
> 
> --- common/kexec.c.org        2008-03-25 09:29:39.000000000 +0900
> +++ common/kexec.c    2008-03-28 12:50:33.000000000 +0900
> @@ -43,6 +43,9 @@

[snip]

> +void vmcoreinfo_append_str(const char *fmt, ...)
> +{
> +    va_list args;
> +    char buf[0x50];
> +    int r;
> +    size_t note_size = sizeof(Elf_Note) + 
> ELFNOTE_ALIGN(strlen(VMCOREINFO_NOTE_NAME) + 1);
> +
> +    va_start(args, fmt);
> +    r = vsnprintf(buf, sizeof(buf), fmt, args);
> +    va_end(args);
> +
> +    if (r + vmcoreinfo_size + note_size > VMCOREINFO_BYTES)
> +     r = VMCOREINFO_BYTES - vmcoreinfo_size - note_size;
> +
> +    memcpy(&vmcoreinfo_data[note_size + vmcoreinfo_size], buf, r);
> +
> +    vmcoreinfo_size += r;
> +}
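
Review bot: r is passed to memcpy() as the copy length without ever being bounded by sizeof(buf). If vsnprintf() here follows the C99 convention of returning the length the untruncated output would have had, any formatted string longer than the 0x50-byte buf leaves r larger than what was actually written, and memcpy(&vmcoreinfo_data[note_size + vmcoreinfo_size], buf, r) then reads past the end of buf on the stack and copies those bytes into the vmcoreinfo data. The VMCOREINFO_BYTES check only limits r against the destination, not the source. Suggest clamping r to sizeof(buf) - 1 directly after va_end(args), and returning early when r is negative, before the VMCOREINFO_BYTES comparison. Both truncation paths are also silent, so a short comment stating that over-long entries are cut (or a warning printed when it happens) would help whoever later finds a partial line in the note.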

Hi Oda-san,

It looks like it is possible for both vsnprintf() and
the "if (r + vmcoreinfo_size + note_size > VMCOREINFO_BYTES)" logic
to truncate a field. Is this likely to be a problem in practice,
or is the code just guarding against malformed input?


Also, this code looks like it will need to be up-ported due to changes
that I recently made to common/kexec.c and the range fetching portion of
the hypercall in unstable.  This shouldn't be a big deal, just something
that is worth mentioning.

-- 
Horms
