On Tue, Jan 06, 2015 at 02:04:02PM +0100, Dominique Martinet wrote:
> Hi,
> 
> Kirill A. Shutemov wrote on Tue, Dec 30, 2014 at 02:48:09AM +0200:
> > @@ -273,7 +273,7 @@ p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt,
> >  }
> >  break;
> >  case 'R':{
> > - int16_t *nwqid = va_arg(ap, int16_t *);
> > + uint16_t *nwqid = va_arg(ap, uint16_t *);
> >  struct p9_qid **wqids =
> >  va_arg(ap, struct p9_qid **);
> > 
> 
> Good find there!
> 
> Given we also have pdu->size, would it make sense to check nwqid through
> this?
> I'd need to check but I'd assume we should always have, after reading
> nwqid, pdu->size - pdu->offset >= *nwqid * 13 (size of qid on the wire)

Another option is to ask the caller for an upper limit. Since it's a reply to a
Twalk request, we should never see nwqid > nwname on request.

-- 
 Kirill A. Shutemov
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
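Review bot: the int16_t to uint16_t change in the 'R' case stops a negative nwqid from being used as a count, but the hunk still takes the 16-bit wire value at face value; nothing shown bounds it against the bytes actually left in the pdu (13 per qid, so *nwqid * 13 must not exceed pdu->size - pdu->offset) or against the nwname of the Twalk it answers. Consider adding that check right after nwqid is read, before the count is used to size or fill wqids.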
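The two checks discussed in the thread (remaining pdu bytes versus 13 bytes per qid, and the caller's nwname as a ceiling), as an added stand-alone C example; this is not the kernel's net/9p code, and the `struct pdu`, `read_u16` and `parse_nwqid` names are simplified stand-ins for the real p9_fcall reader.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define QID_WIRE_SIZE 13  /* type(1) + version(4) + path(8) on the 9P wire */

/* Simplified stand-in for struct p9_fcall: a wire buffer plus a read cursor. */
struct pdu {
    const uint8_t *sdata;
    size_t size;    /* total bytes in the buffer */
    size_t offset;  /* bytes consumed so far */
};

/* Read a little-endian 16-bit count; -EFAULT if fewer than 2 bytes remain. */
static int read_u16(struct pdu *pdu, uint16_t *out)
{
    if (pdu->offset > pdu->size || pdu->size - pdu->offset < 2)
        return -EFAULT;
    *out = (uint16_t)(pdu->sdata[pdu->offset] | pdu->sdata[pdu->offset + 1] << 8);
    pdu->offset += 2;
    return 0;
}

/*
 * Read nwqid from an Rwalk reply and validate it two ways:
 *  - against the caller's upper bound (nwname from the matching Twalk), and
 *  - against the bytes actually left in the buffer (13 per qid).
 * Returns the count (>= 0), -EFAULT if the buffer cannot even hold the count,
 * or -EINVAL if the count is implausible for this reply.
 */
int parse_nwqid(const uint8_t *buf, size_t len, uint16_t nwname)
{
    struct pdu pdu = { buf, len, 0 };
    uint16_t nwqid;
    int err = read_u16(&pdu, &nwqid);

    if (err)
        return err;
    if (nwqid > nwname)                 /* more qids than names walked */
        return -EINVAL;
    if ((size_t)nwqid * QID_WIRE_SIZE > pdu.size - pdu.offset)
        return -EINVAL;                 /* count exceeds remaining bytes */
    return nwqid;
}
```

A reply that passes both checks can then have its qids read with no risk of the count running past the end of the buffer.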