JeffleXu <jefflexu@xxxxxxxxxxxxxxxxx> wrote:
> > + /* If the path is usable ASCII, then we render it directly */
> > + if (print) {
> > + len = 1 + keylen + 1;
> > + name = kmalloc(len, GFP_KERNEL);
> > + if (!name)
> > + return false;
> > +
> > + name[0] = 'D'; /* Data object type, string encoding */
> > + name[1 + keylen] = 0;
> > + memcpy(name + 1, key, keylen);
> > + goto success;
> ^
> If we goto success from here,
> ...
> > +
> > +success:
> > + name[len] = 0;
> ^
> then it seems that this will cause an out-of-boundary access.
You're right. I'll change that to:
len = 1 + keylen;
name = kmalloc(len + 1, GFP_KERNEL);
and I shouldn't need:
name[1 + keylen] = 0;
as that's also done after the success label.
David
