+ hexdump-truncate-output-in-case-of-overflow.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     Subject: lib/hexdump.c: truncate output in case of overflow
has been added to the -mm tree.  Its filename is
     hexdump-truncate-output-in-case-of-overflow.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/hexdump-truncate-output-in-case-of-overflow.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/hexdump-truncate-output-in-case-of-overflow.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Subject: lib/hexdump.c: truncate output in case of overflow

There is a classical off-by-one error in case when we try to place, for
example, 1+1 bytes as hex in the buffer of size 6.  The expected result is
to get an output truncated, but in the reality we get 6 bytes filed
followed by terminating NUL.

Change the logic how we fill the output in case of byte dumping into
limited space.  This will follow the snprintf() behaviour by truncating
output even on half bytes.

Fixes: 114fc1afb2de (hexdump: make it return number of bytes placed in buffer)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
Reported-by: Aaro Koskinen <aaro.koskinen@xxxxxxxxx>
Tested-by: Aaro Koskinen <aaro.koskinen@xxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 lib/hexdump.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff -puN lib/hexdump.c~hexdump-truncate-output-in-case-of-overflow lib/hexdump.c
--- a/lib/hexdump.c~hexdump-truncate-output-in-case-of-overflow
+++ a/lib/hexdump.c
@@ -169,11 +169,15 @@ int hex_dump_to_buffer(const void *buf,
 		}
 	} else {
 		for (j = 0; j < len; j++) {
-			if (linebuflen < lx + 3)
+			if (linebuflen < lx + 2)
 				goto overflow2;
 			ch = ptr[j];
 			linebuf[lx++] = hex_asc_hi(ch);
+			if (linebuflen < lx + 2)
+				goto overflow2;
 			linebuf[lx++] = hex_asc_lo(ch);
+			if (linebuflen < lx + 2)
+				goto overflow2;
 			linebuf[lx++] = ' ';
 		}
 		if (j)
_

Patches currently in -mm which might be from andriy.shevchenko@xxxxxxxxxxxxxxx are

fs-proc-arrayc-set-overflow-flag-in-case-of-error.patch
hexdump-truncate-output-in-case-of-overflow.patch
fs-seq_file-use-seq_-helpers-in-seq_hex_dump.patch
seq_file-re-use-string_escape_str.patch

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]