Hi,

> Indeed, excuse my brainfart. Looking at the rest of the function I
> agree it needs fixing, unless Andrey can correct us.
>
> I'm not quite sure about this fix. String functions normally do
> something reasonable when a length of 0 is passed. It looks like this
> fixed version implements "length 0 is a special value meaning no
> limit" :-) due to arithmetic underflow.

*g*

Well, on the one hand: You cannot really do anything "sensible" (except for an exit(), maybe) with a len of 0, assuming that len is supposed to specify the amount of memory available at to, and that the function is supposed to place a C string at to: C strings have a minimum memory requirement of 1 byte. If some code accidentally passes a len of 0, I would expect it to be rather unlikely that it subsequently would handle correctly the special case that there is no C string at to, and thus it would sooner or later break in some rather nasty way anyhow.

On the other hand: My rather subjective impression is that it's kind of a basic assumption in the udev code that memory objects or strings won't have a size of 0. So, there at least were a few places that looked somewhat suspicious to me, but I couldn't really tell whether the assumptions made by the code would be met. Maybe somebody with a deeper understanding of the code wants to have a look at that?

The same analogously applies for sizes close to the maximum of the respective parameter types ...

Oh, and while we are at it: The udev code seems to be a bit undecided as to whether memory allocation on the heap can fail.

> Oh - and reading code this closely usually is boring. Especially when
> you're scanning, and don't necessarily have much idea of the bigger
> picture. Auditing edge-case stability is even less exciting than
> auditing security. So thanks for lending a fresh set of eyeballs for
> a while!

That part really was directed more at the people who thought that flaming and referring me to google was the way to handle bug reports, but thanks ;-)

Florian
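
The `len` of 0 case discussed in this message, as an added example that is not part of the original mail and is not udev code: a hypothetical bounded copy whose `len - 1` wraps to "no limit", next to a variant that rejects `len == 0`. The function names, return conventions and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: `len` is the memory available at `to`.
 * Returns bytes written including the NUL. For len == 0 the unsigned
 * subtraction wraps to SIZE_MAX, so the limit silently disappears. */
static size_t copy_unchecked(char *to, const char *from, size_t len)
{
    size_t limit = len - 1;              /* wraps when len == 0 */
    size_t n = strlen(from);
    if (n > limit)
        n = limit;
    memcpy(to, from, n);
    to[n] = '\0';
    return n + 1;
}

/* Checked variant: a C string needs at least 1 byte, so len == 0 is an
 * error and nothing is written. Returns -1 on error, 1 if truncated,
 * 0 on a complete copy; *written counts bytes stored including NUL. */
static int copy_checked(char *to, const char *from, size_t len, size_t *written)
{
    size_t n;
    int truncated;
    *written = 0;
    if (to == NULL || from == NULL || len == 0)
        return -1;
    n = strlen(from);
    truncated = n > len - 1;             /* safe: len >= 1 here */
    if (truncated)
        n = len - 1;
    memcpy(to, from, n);
    to[n] = '\0';
    *written = n + 1;
    return truncated;
}

/* Constructed demo: the real buffer is 16 bytes so the overrun of the
 * declared len (0) stays inside valid memory while still being visible. */
static size_t demo_unchecked_zero(void)
{
    char buf[16];
    memset(buf, 'X', sizeof(buf));
    return copy_unchecked(buf, "abc", 0);
}

int main(void)
{
    printf("unchecked, len 0: %zu bytes written\n", demo_unchecked_zero());
    return 0;
}
```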