Hello!

On Oct 22, 2014, at 6:32 AM, Dan Carpenter wrote:

>> In that case, size == 0 seems to be the wrong value size for an lov param
>> as well.
> I don't know about this.  The code is very clear that size == 0 is
> acceptable inside the if statement.  Oleg?

I am not sure which if statement you mean?
If it's the "if ((strncmp(name, XATTR_TRUSTED_PREFIX," one, then a size of 0
does seem to be incorrect:

        struct lov_user_md *lump = (struct lov_user_md *)value;
// (I hope this is not a user pointer?)
…
        if (lump != NULL && lump->lmm_stripe_offset == 0)
                lump->lmm_stripe_offset = -1;
// So, if lump is 0, we are already accessing past allowed range
…
                int lum_size = (lump->lmm_magic == LOV_USER_MAGIC_V1) ?
and again…

Bye,
    Oleg
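Added example, not part of the original message and not Lustre code: a user-space sketch of the length check the discussion turns on, where a caller-supplied (value, size) pair is rejected before any struct field is read. The struct `demo_lum`, the constant `DEMO_MAGIC_V1` and the function `demo_set_layout` are hypothetical stand-ins; the real `struct lov_user_md` layout and magic value are not reproduced here.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for struct lov_user_md: field layout and magic
 * value are constructed for this demo, not taken from the kernel tree. */
#define DEMO_MAGIC_V1 0x1234u
struct demo_lum {
    uint32_t lmm_magic;
    uint16_t lmm_stripe_count;
    uint16_t lmm_stripe_offset;
};

/* Hypothetical setxattr-style handler: `value` points to `size` bytes.
 * Returns 0 on success, -EINVAL if the buffer cannot hold the struct. */
int demo_set_layout(const void *value, size_t size, struct demo_lum *out)
{
    struct demo_lum lum;

    /* A NULL check alone is not enough: a non-NULL pointer with size 0
     * (or any size below the struct) must be rejected before a field
     * such as lmm_stripe_offset or lmm_magic is touched. */
    if (value == NULL || size < sizeof(lum))
        return -EINVAL;

    /* Work on a private copy so every later read is within bounds. */
    memcpy(&lum, value, sizeof(lum));

    if (lum.lmm_magic != DEMO_MAGIC_V1)
        return -EINVAL;

    /* Same fix-up as in the quoted code, now done after validation. */
    if (lum.lmm_stripe_offset == 0)
        lum.lmm_stripe_offset = (uint16_t)-1;

    *out = lum;
    return 0;
}

int main(void)
{
    unsigned char empty = 0;    /* constructed input, passed with size 0 */
    struct demo_lum out;

    /* Exit status 0 means the zero-length value was rejected. */
    return demo_set_layout(&empty, 0, &out) == -EINVAL ? 0 : 1;
}
```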