On 05/24/2010 04:55 PM, Eric Blake wrote:
> Phooey. Need a v4; this can fault. If you have "///" ending on a page
> boundary, then...
>
>
>> + bool slash_before = (offset != 0 && cur[-1] == '/');
>> +
>> + /* Skip all extra / */
>> + if (*cur == '/') {
>> + cur++;
>> + continue;
>> + }
>
> ...this advances cur to the '\0', and the next iteration of the nested
> do-while accesses past the trailing NUL when computing slash_follow.
I spoke too soon. I keep forgetting that with a do-while, the continue
still checks the loop condition, rather than blindly jumping to the loop
start.
I'm re-reading the patch in that context, and you may be clean with v3
after all. Sorry for the poor review...
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list