[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-parisc
Subject:    =?UTF-8?B?UmU6IFtQQVRDSCBsaW51eC1uZXh0XSBwYXJpc2M6IHVzZSBzdHJzY3B5KCkgdG8gaW5zdGVhZCBvZiBzdHJuY3B5KC
From:       <yang.yang29 () zte ! com ! cn>
Date:       2022-12-28 1:25:45
Message-ID: 202212280925459299284 () zte ! com ! cn
[Download RAW message or body]

> the array buf[] is actually buf[count], so if count < 64 then
> sizeof(buf) < sizeof(in) and you're copying whatever is after buf on
> the stack or wherever it comes from. The amount you copy into in[]
> truly has to be the smaller of count and sizeof(in).  These are file
> operations, so you shouldn't rely on buf[] being null terminated
> (kernfs ensures it is, but it's a dangerous thing to rely on in the
> face of someone trying to exploit a stack smashing attack).

Should we send patchv3 which is back to v1, or we directly use
patchv1 to continue the reviewing?

Thanks!
[prev in list] [next in list] [prev in thread] [next in thread]