On Wed, 26 Nov 2014 17:06:21 +0300
Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:

> This check says "goto out;" if we had to truncate the string.
>
> The "tbuffer" buffer has TRACE_BUF_SIZE bytes. The vsnprintf() function
> returns the number of characters (not counting the NUL char) which would
> have been printed if there were space. If we tried to print
> TRACE_BUF_SIZE characters, the last character would have been truncated
> to make space for the NUL character so we should "goto out;".
>
> My other concern here was that a few lines later we do:
>
> 	entry->buf[len] = '\0';
>
> I worried that maybe we were putting the NUL char past the end of the
> array but I wasn't smart enough to figure out the size of entry->buf[].

entry is of type struct print_entry *, which is defined by macro magic
(sorry), and would look like this:

	struct print_entry {
		unsigned long ip;
		char buf[];
	};

But then it is allocated like so:

	size = sizeof(*entry) + len + 1;
	event = trace_buffer_lock_reserve(buffer, TRACE_PRINT, size, flags, pc);
	entry = ring_buffer_event_data(event);

Now that size is the key. The "len + 1" covers the string.

Which means entry->buf[len] = '\0'; is fine.

-- Steve

>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c > index 42a822d..22af2ae 100644 > --- a/kernel/trace/trace.c > +++ b/kernel/trace/trace.c > @@ -2161,7 +2161,7 @@ __trace_array_vprintk(struct ring_buffer *buffer, > } > > len = vsnprintf(tbuffer, TRACE_BUF_SIZE, fmt, args); > - if (len > TRACE_BUF_SIZE) > + if (len >= TRACE_BUF_SIZE) > goto out; > > local_save_flags(flags);
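
Review bot: the new `if (len >= TRACE_BUF_SIZE)` test in __trace_array_vprintk() carries no comment, and without one it reads like an off-by-one to anyone who does not recall that vsnprintf() returns the would-be length without the NUL. A one-line comment above the check, saying that a return value equal to TRACE_BUF_SIZE means the last character was dropped, would keep a later cleanup from reverting it to `>`. The changelog's second paragraph about `entry->buf[len] = '\0';` describes code this hunk does not touch, so it would fit better below the `---` line than in the commit message.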
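
The truncation test and the "len + 1" allocation discussed in this thread, modelled in user-space C as an added example that is not code from the thread or the kernel. TRACE_BUF_SIZE is a constructed small value, make_entry() and stored_len() are hypothetical helpers, and malloc() stands in for the ring-buffer reservation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TRACE_BUF_SIZE 16	/* constructed small value for the demo */

struct print_entry {
	unsigned long ip;
	char buf[];		/* flexible array member: adds 0 to sizeof */
};

/* Hypothetical helper: returns a heap entry, or NULL if the text was truncated. */
static struct print_entry *make_entry(unsigned long ip, const char *fmt, ...)
{
	char tbuffer[TRACE_BUF_SIZE];
	struct print_entry *entry;
	va_list args;
	int len;

	va_start(args, fmt);
	/* Returns the length that WOULD have been written, NUL not counted. */
	len = vsnprintf(tbuffer, TRACE_BUF_SIZE, fmt, args);
	va_end(args);
	/* len == TRACE_BUF_SIZE already lost a character; len < 0 is a libc error. */
	if (len < 0 || len >= TRACE_BUF_SIZE)
		return NULL;
	/* "len + 1" reserves the byte that buf[len] = '\0' writes to. */
	entry = malloc(sizeof(*entry) + len + 1);
	if (!entry)
		return NULL;
	entry->ip = ip;
	memcpy(entry->buf, tbuffer, len);
	entry->buf[len] = '\0';
	return entry;
}

/* Returns strlen() of the stored text, or -1 if the entry was rejected. */
static int stored_len(const char *s)
{
	struct print_entry *e = make_entry(0, "%s", s);
	int n = e ? (int)strlen(e->buf) : -1;
	free(e);
	return n;
}

int main(void)
{
	printf("%d %d\n", stored_len("123456789012345"), stored_len("1234567890123456"));
	return 0;
}
```

With the pre-patch `>` comparison, the 16-character input would have been accepted with its last character silently dropped.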