Re: [PATCH] mm/damon: Adjust the size of kbuf array to avoid overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Xin,

On Wed, 13 Oct 2021 19:48:54 +0800 Xin Hao <xhao@xxxxxxxxxxxxxxxxx> wrote:

> In order to avoid the 'count' size space of kbuf array is
> used up, but a "\0" is still added.

Thank you for this patch! :)

But... I unsure how this can cause a buffer overflow, as 'kbuf' is accessed by
only size-specified functions, namely 'scnprintf()' and
'simple_read_from_buffer()'.

If I'm missing something, please feel free to let me know.


Thanks,
SJ

> 
> Signed-off-by: Xin Hao <xhao@xxxxxxxxxxxxxxxxx>
> ---
>  mm/damon/dbgfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/damon/dbgfs.c b/mm/damon/dbgfs.c
> index faee070977d8..20c61eed54af 100644
> --- a/mm/damon/dbgfs.c
> +++ b/mm/damon/dbgfs.c
> @@ -247,7 +247,7 @@ static ssize_t dbgfs_kdamond_pid_read(struct file *file,
>  	char *kbuf;
>  	ssize_t len;
>  
> -	kbuf = kmalloc(count, GFP_KERNEL);
> +	kbuf = kmalloc(count + 1, GFP_KERNEL);
>  	if (!kbuf)
>  		return -ENOMEM;
>  
> -- 
> 2.31.0
> 




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux