Hi Xiang,

On 2019/2/18 10:17, Gao Xiang wrote:
> Hi Chao,
>
> On 2019/2/18 9:39, Chao Yu wrote:
>> If the image is corrupted, qn->name[i] may be anything, as you commented
>> above DBG_BUGON(), we really don't need to go through any later codes, it
>> can avoid potentially encountering wrong condition.
>>
>> * otherwise, it will return 1 to just skip the invalid name
>>
>
> Just I commented in the following source code, qn is actually the user requested
> name allocated in __d_alloc, which can be guaranteed with the trailing '\0' and
> it is a valid string.

Alright, I agreed below codes can guarantee that. :)

Thanks,

>
> Thanks,
> Gao Xiang
>
>>>>> + >>>>> + /* qd could not have trailing '\0' */ >>>>> + /* However it is absolutely safe if < qd->end */ >>>>> + while (qd->name + i < qd->end && qd->name[i] != '\0') { >>>>> + if (qn->name[i] != qd->name[i]) { >>>>> + *matched = i; >>>>> + return qn->name[i] > qd->name[i] ? 1 : -1; >>>>> } >>>>> - return (qn->len > qd->len); >>>>> + ++i; >>>>> } >>>>> - >>>>> - if (qn->name[i] != qd->name[i]) { >>>>> - *matched = i; >>>>> - return qn->name[i] > qd->name[i] ? 1 : -1; >>>>> - } >>>>> - >>>>> - ++i; >>>>> - goto loop; >>>>> + *matched = i; >>>>> + /* See comments in __d_alloc on the terminating NUL character */ >>>>> + return qn->name[i] == '\0' ? 0 : 1; >>>>> }
>
> .
>
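Review bot: the read of qn->name[i] inside the new while loop has no explicit bound, and the two comments above the loop only explain why qd is safe. It holds because the loop condition excludes qd->name[i] == '\0', so a NUL in qn always takes the mismatch branch and returns before i can pass qn's terminator; that reasoning, and its dependence on the __d_alloc terminator, is only mentioned at the final return. Since the removed `return (qn->len > qd->len);` made the length relation explicit and the new code no longer consults qn->len, please state the invariant in the comment above the loop so that a later change to the loop condition does not silently drop the bound on qn.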