Hi, On Mon, Apr 22, 2024 at 9:37 AM Daniel Thompson <daniel.thompson@xxxxxxxxxx> wrote: > > Currently, when the user attempts symbol completion with the Tab key, kdb > will use strncpy() to insert the completed symbol into the command buffer. > Unfortunately it passes the size of the source buffer rather than the > destination to strncpy() with predictably horrible results. Most obviously > if the command buffer is already full but cp, the cursor position, is in > the middle of the buffer, then we will write past the end of the supplied > buffer. > > Fix this by replacing the dubious strncpy() calls with memmove()/memcpy() > calls plus explicit boundary checks to make sure we have enough space > before we start moving characters around. > > Reported-by: Justin Stitt <justinstitt@xxxxxxxxxx> > Closes: https://lore.kernel.org/all/CAFhGd8qESuuifuHsNjFPR-Va3P80bxrw+LqvC8deA8GziUJLpw@xxxxxxxxxxxxxx/ > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Daniel Thompson <daniel.thompson@xxxxxxxxxx> > --- > kernel/debug/kdb/kdb_io.c | 21 +++++++++++++-------- > 1 file changed, 13 insertions(+), 8 deletions(-) Boy, this function (and especially the tab handling) is hard to read. I spent a bit of time trying to grok it and, as far as I can tell, your patch makes things better and I don't see any bugs. Reviewed-by: Douglas Anderson <dianders@xxxxxxxxxxxx>
