* Patch "lib/hexdump.c: truncate output in case of overflow" has been added to the 4.3-stable tree
@ 2016-02-12 21:00 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-02-12 21:00 UTC (permalink / raw)
To: andriy.shevchenko, aaro.koskinen, akpm, catalin.marinas, gregkh,
torvalds, viro
Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
lib/hexdump.c: truncate output in case of overflow
to the 4.3-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
lib-hexdump.c-truncate-output-in-case-of-overflow.patch
and it can be found in the queue-4.3 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 9f029f540c2f7e010e4922d44ba0dfd05da79f88 Mon Sep 17 00:00:00 2001
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Date: Fri, 6 Nov 2015 16:31:31 -0800
Subject: lib/hexdump.c: truncate output in case of overflow
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
commit 9f029f540c2f7e010e4922d44ba0dfd05da79f88 upstream.
There is a classical off-by-one error in case when we try to place, for
example, 1+1 bytes as hex in the buffer of size 6. The expected result is
to get an output truncated, but in the reality we get 6 bytes filed
followed by terminating NUL.
Change the logic how we fill the output in case of byte dumping into
limited space. This will follow the snprintf() behaviour by truncating
output even on half bytes.
Fixes: 114fc1afb2de (hexdump: make it return number of bytes placed in buffer)
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reported-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Tested-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/hexdump.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/lib/hexdump.c
+++ b/lib/hexdump.c
@@ -169,11 +169,15 @@ int hex_dump_to_buffer(const void *buf,
}
} else {
for (j = 0; j < len; j++) {
- if (linebuflen < lx + 3)
+ if (linebuflen < lx + 2)
goto overflow2;
ch = ptr[j];
linebuf[lx++] = hex_asc_hi(ch);
+ if (linebuflen < lx + 2)
+ goto overflow2;
linebuf[lx++] = hex_asc_lo(ch);
+ if (linebuflen < lx + 2)
+ goto overflow2;
linebuf[lx++] = ' ';
}
if (j)
Patches currently in stable-queue which might be from andriy.shevchenko@linux.intel.com are
queue-4.3/lib-hexdump.c-truncate-output-in-case-of-overflow.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-02-12 21:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-12 21:00 Patch "lib/hexdump.c: truncate output in case of overflow" has been added to the 4.3-stable tree gregkh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.