On 2019-02-05, Andy Shevchenko wrote:
> On Sun, Feb 3, 2019 at 9:04 PM Mattias Jacobsson <2pi@xxxxxx> wrote:
> > On 2019-01-30, Andy Shevchenko wrote:
> > > On Wed, Jan 30, 2019 at 5:15 PM Mattias Jacobsson <2pi@xxxxxx> wrote:
>
> > > > +       if (len < 0 || len >= 500) {
> > >
> > > Would it even possible to get a negative number here?
> > > Same for any other number than slightly bigger than 36.
> >
> > snprintf returns a negative number on error. BTW AFAIU the code from
> > file2alias.c gets dynamically linked against a libc.
>
> OK.
>
> > > So, what about simple
> > >
> > > {
> > >   DEF_FIELD_ADDR(...);
> > >   size_t len;
> > >
> > >   len = strlen(*guid_string);
> > >   if (len != ...) {
> > >     ...
> > >   }
> > >   sprintf(...);
> > >   return 1;
> > > }
> > >
> > > ?
> >
> > Then we are missing the check that we are within the bounds of alias
>
> I don't see how. By checking a length of string we be sure, that the
> result would have a non-arbitrary length.

If you do s/500/ALIAS_SIZE/ on the patch? My code is written with that
in mind, I guess that wasn't totally clear. BTW I've posted [1] to
introduce the ALIAS_SIZE macro.

[1]: https://lore.kernel.org/lkml/20190207123022.7961-1-2pi@xxxxxx/

>
> > as well as the negative code from s*printf(). snprintf() does this nicely
> > for us.
>
> This one I agree with, means in the above example we may do
>
> return sprintf(...);
>
> if callers recognize just a sign, or
>
> len = sprintf(...);
> if (len < 0)
>   return len; // -1? 0?
>
> return 1;
>
> otherwise.

Great

>
> --
> With Best Regards,
> Andy Shevchenko

Thanks,
Mattias
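
Review bot: the upper bound in the quoted condition "len >= 500" is a bare literal, so the truncation check is only correct while it happens to match the declared size of the destination buffer. Compare against a named size shared with the buffer declaration (a macro or sizeof) so the two cannot drift apart. The "len < 0" half should stay, since it is what catches the error return from snprintf.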
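
The two approaches debated in this thread, side by side, as an added example that is not code from the patch or from file2alias.c. The function names, the "example:" prefix, the 16-byte buffer and the sample GUID are assumptions made for illustration; 500 and 36 are the figures quoted in the thread.

```c
#include <stdio.h>
#include <string.h>

#define ALIAS_SIZE 500     /* buffer size quoted in the thread */
#define GUID_LEN   36      /* expected GUID string length quoted in the thread */
#define PREFIX "example:"  /* hypothetical alias prefix, not from the patch */

/* Variant A: bound the OUTPUT. snprintf() reports both failure modes:
 * a negative value on error, and a value >= size when truncated.
 * Returns 1 on success, 0 otherwise. */
static int alias_snprintf(char *alias, size_t size, const char *guid)
{
	int len = snprintf(alias, size, PREFIX "%s", guid);

	if (len < 0 || (size_t)len >= size)
		return 0;
	return 1;
}

/* Variant B: validate the INPUT length, then format with sprintf().
 * The output length is then fixed, but it must still fit the buffer,
 * and the sign of sprintf()'s return still has to be checked. */
static int alias_strlen(char *alias, size_t size, const char *guid)
{
	if (strlen(guid) != GUID_LEN)
		return 0;
	if (sizeof(PREFIX) + GUID_LEN > size)  /* sizeof counts the NUL */
		return 0;
	return sprintf(alias, PREFIX "%s", guid) < 0 ? 0 : 1;
}

int main(void)
{
	char alias[ALIAS_SIZE], small[16];
	const char *guid = "01234567-89ab-cdef-0123-456789abcdef"; /* constructed */

	printf("A, full buffer:  %d\n", alias_snprintf(alias, sizeof(alias), guid));
	printf("A, small buffer: %d\n", alias_snprintf(small, sizeof(small), guid));
	printf("A, short input:  %d\n", alias_snprintf(alias, sizeof(alias), "short"));
	printf("B, full buffer:  %d\n", alias_strlen(alias, sizeof(alias), guid));
	printf("B, short input:  %d\n", alias_strlen(alias, sizeof(alias), "short"));
	return 0;
}
```

Variant A accepts the malformed "short" input because it only bounds the output, while variant B rejects it but needs its own buffer-size check, so the two checks are complementary.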