Commit "cifs: fix unaligned accesses in cifsConvertToUCS"
(84cdf74e8096a10dd6acbb870dd404b92f07a756) does multiple steps
in just one commit (moving the function and changing it without testing).
put_unaligned_le16(temp, &target[j]); is never called for any codepoint
the goes via the 'default' switch statement. As a result we put
just zero (or maybe uninitialized) bytes into the target buffer,
Signed-off-by: Stefan Metzmacher <metze@xxxxxxxxx>
---
fs/cifs/cifs_unicode.c | 20 ++++++++++----------
1 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/fs/cifs/cifs_unicode.c b/fs/cifs/cifs_unicode.c
index fc0fd4f..b1ff0bd 100644
--- a/fs/cifs/cifs_unicode.c
+++ b/fs/cifs/cifs_unicode.c
@@ -276,6 +276,7 @@ cifsConvertToUCS(__le16 *target, const char *source, int maxlen,
return cifs_strtoUCS(target, source, PATH_MAX, cp);
for (i = 0, j = 0; i < maxlen; j++) {
+ charlen = 1;
src_char = source[i];
switch (src_char) {
case 0:
@@ -315,18 +316,17 @@ cifsConvertToUCS(__le16 *target, const char *source, int maxlen,
temp = 0x003f;
charlen = 1;
}
- len_remaining -= charlen;
- /*
- * character may take more than one byte in the source
- * string, but will take exactly two bytes in the
- * target string
- */
- i += charlen;
- continue;
+ break;
}
+ /*
+ * character may take more than one byte in the source
+ * string, but will take exactly two bytes in the
+ * target string
+ */
put_unaligned_le16(temp, &target[j]);
- i++; /* move to next char in source string */
- len_remaining--;
+ /* move to next char in source string */
+ i += charlen;
+ len_remaining -= charlen;
}
ctoUCS_out:
--
1.7.0.4
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
