[PATCH] makedumpfile: Fix string append in dump_log_entry()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>> Hello Petr,
>
>Hello Kumagai-san,
>
>> >To quote the sprintf(3) man page:
>> >
>> >    Some programs imprudently rely on code such as the following
>> >
>> >        sprintf(buf, "%s some further text", buf);
>> >
>> >    to append text to buf.  However, the standards explicitly note that
>> >    the results are undefined if source and destination buffers overlap
>> >    when calling sprintf(), snprintf(), vsprintf(), and vsnprintf().
>> >    Depending on the version of gcc(1) used, and the compiler options
>> >    employed, calls such as the above will not produce the expected results.
>> >
>> >The original code is actually miscompiled on openSUSE 13.1.
>> >
>> >It's also overkill to call sprintf() for something that can be done
>> >with a simple assignment.
>> >
>> >Signed-off-by: Petr Tesarik <ptesarik at suse.cz>
>>
>> Thanks, it seems good to me.
>>
>> Actually, Nick sent the same patch in last July and we tried to
>> take care of buffer overflow at the same time as below:
>>
>> http://lists.infradead.org/pipermail/kexec/2013-August/009430.html
>>
>> However, this thread has been left open, so I was wondering if you
>> could take over this work. Of course you can decline this, then I'll
>> do it later as another patch.
>
>I don't mind taking over this work, but I don't think it's a good thing
>to combine the buffer overflow fix with the sprintf buffer overlap
>fix.
>
>What is the expected plan? Are you waiting for me to send a two-patch
>series now?

Yes, I agree with separating the two fixes.
Thanks for your help !


Atsushi Kumagai

>Petr Tesarik
>
>_______________________________________________
>kexec mailing list
>kexec at lists.infradead.org
>http://lists.infradead.org/mailman/listinfo/kexec



[Index of Archives]     [LM Sensors]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [Kernel]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux