[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-parisc
Subject: =?UTF-8?B?UmU6IFtQQVRDSCBsaW51eC1uZXh0XSBwYXJpc2M6IHVzZSBzdHJzY3B5KCkgdG8gaW5zdGVhZCBvZiBzdHJuY3B5KC
From: <yang.yang29 () zte ! com ! cn>
Date: 2022-12-28 1:25:45
Message-ID: 202212280925459299284 () zte ! com ! cn
[Download RAW message or body]
> the array buf[] is actually buf[count], so if count < 64 then
> sizeof(buf) < sizeof(in) and you're copying whatever is after buf on
> the stack or wherever it comes from. The amount you copy into in[]
> truly has to be the smaller of count and sizeof(in). These are file
> operations, so you shouldn't rely on buf[] being null terminated
> (kernfs ensures it is, but it's a dangerous thing to rely on in the
> face of someone trying to exploit a stack smashing attack).
Should we send patchv3 which is back to v1, or we directly use
patchv1 to continue the reviewing?
Thanks!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic