On Mon, Jun 14, 2021 at 14:30:26 +0200, Michal Prívozník wrote: > On 6/14/21 2:26 PM, Peter Krempa wrote: > > On Mon, Jun 14, 2021 at 14:14:47 +0200, Michal Prívozník wrote: > >> On 6/14/21 1:31 PM, Tim Wiederhake wrote: > >>> On Mon, 2021-06-14 at 13:06 +0200, Michal Privoznik wrote: > >>>> In a few occasions in tests we pass INT_MAX to > >>>> virFileReadLimFD(). This is not safe because virFileReadAll() > >>>> will call virFileReadLimFD() under the hood which takes the limit > >>>> and adds 1 to it. > >>> > >>> Calling virFileReadAll with "INT_MAX - 1" looks funny. Is it possible > >>> to check for "maxlen >= INT_MAX" in virFileReadLimFD instead? > >> > >> Actually, I don't understand why we need to add 1 in the first place. > >> I'll push the other two patches and send v2 for this that removes the +1. > > > > It's so that it guarantees that a file of 'maxlen' length is read > > completely and the terminating '\0' is in the resulting string. > > > > Removing the '+ 1' would change this kind of semantics, which may > > require audit of all callers. > > > > I'm not sure that's correct behaviour. I mean, if I specify that the > limit should be X, then at the most X bytes should be read, not X+1. > > Also, virFileReadLimFD() uses saferead_lim() which upon successful > return makes sure the returned string is properly terminated. saferead_lim indeed terminates the string properly. virFileReadLimFD uses the '+ 1' to see whether there are exactly "maxlen" chars in the file or potentially more than that. That's why it actually reads 1 more than the requested maximum. Whether that makes sense is obviously questionable and will require audit of all callers
