On Wed, 21 Apr 2010 18:36:05 -0400 "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote:

> > Hm, I guess even when argp->end is wrong, argp->p is always set to
> > something sane; so on the next READ_BUF(), when you hit the
> >
> > nbytes <= (u32)((char *)argp->end - (char *)argp->p
> >
> > case, you do
> >
> > p = argp->p;
> > argp->p += XDR_QUADLEN(nbytes);
> >
> > and p is something reasonable. "end" stays wrong, but that won't be a
> > problem until you run past the end of the *next* page, which it would
> > take a very unusual compound to do.

Yes, it would not be an easy bug to trigger ... it takes away some of the
thrill of finding a bug when you discover that it only affects a corner
case that never ever happens :-(

> > (Nevertheless: applied, for 2.6.34 and stable.)

Thanks.

NeilBrown

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html