On Wed, Oct 22, 2014 at 01:53:15PM +0000, Drokin, Oleg wrote:
> Hello!
>
> On Oct 22, 2014, at 6:32 AM, Dan Carpenter wrote:
>
> >> In that case, size == 0 seems to be the wrong value size for an lov param
> >> as well.
> > I don't know about this. The code is very clear that size == 0 is
> > acceptable inside the if statement. Oleg?
>
> I am not sure what if statement do you mean?
> If it's the "if ((strncmp(name, XATTR_TRUSTED_PREFIX," one then size of 0
> does seem to be incorrect:
>
> struct lov_user_md *lump = (struct lov_user_md *)value;
> // (I hope this is not a user pointer?)

It's not.

> …
> if (lump != NULL && lump->lmm_stripe_offset == 0)
>         lump->lmm_stripe_offset = -1;
> // So, if lump is 0, we are already accessing past allowed range

If size is zero then lump is NULL and the existing code is very careful
to test for that and avoid NULL dereferences. I think that Andrew is
saying that it doesn't make sense for lump to be NULL.

Anyway, let me send a v2 which fixes the bug and leaves lump == NULL as
is.

regards,
dan carpenter
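Added example, not part of the original thread and not the v2 patch: a userspace model of the distinction discussed above, where a NULL value with size == 0 is left alone but a non-NULL buffer is only dereferenced once its size covers the struct. The struct `lov_user_md_demo` is a simplified stand-in for `struct lov_user_md`, and the helper name `lov_fixup_stripe_offset` and its return codes are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for struct lov_user_md; the real layout has more fields. */
struct lov_user_md_demo {
	uint32_t lmm_magic;
	uint32_t lmm_pattern;
	uint16_t lmm_stripe_count;
	uint16_t lmm_stripe_offset;
};

/*
 * Hypothetical helper modelling the check discussed in the thread.
 * value == NULL with size == 0 is accepted and left as is; a non-NULL
 * buffer must be large enough to hold the struct before any field is read.
 */
int lov_fixup_stripe_offset(void *value, size_t size)
{
	struct lov_user_md_demo *lump = value;

	if (lump == NULL)
		return size == 0 ? 0 : -EINVAL;	/* NULL with a length is inconsistent */
	if (size < sizeof(*lump))
		return -EINVAL;	/* reading lmm_stripe_offset would run past the buffer */
	if (lump->lmm_stripe_offset == 0)
		lump->lmm_stripe_offset = (uint16_t)-1;
	return 0;
}

int main(void)
{
	/* Constructed sample input: a zeroed struct standing in for the xattr value. */
	struct lov_user_md_demo md = { 0 };

	printf("NULL, size 0      -> %d\n", lov_fixup_stripe_offset(NULL, 0));
	printf("buffer, size 0    -> %d\n", lov_fixup_stripe_offset(&md, 0));
	printf("buffer, too short -> %d\n",
	       lov_fixup_stripe_offset(&md, sizeof(md) - 1));
	printf("buffer, full size -> %d (offset now %u)\n",
	       lov_fixup_stripe_offset(&md, sizeof(md)),
	       (unsigned)md.lmm_stripe_offset);
	return 0;
}
```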