From: "Lankhorst, Maarten" <maarten.lankhorst@intel.com>
To: "intel-gfx@lists.freedesktop.org"
	<intel-gfx@lists.freedesktop.org>,
	"tomeu.vizoso@collabora.com" <tomeu.vizoso@collabora.com>,
	"gustavo.padovan@collabora.com" <gustavo.padovan@collabora.com>,
	"daniels@collabora.com" <daniels@collabora.com>,
	"robert.foss@collabora.com" <robert.foss@collabora.com>
Subject: Re: [PATCH i-g-t rfc 01/29] lib/igt_debugfs: Prevent buffer overflow
Date: Thu, 12 Jan 2017 18:28:38 +0000
Message-ID: <1484245717.2171.1.camel@intel.com>
In-Reply-To: <ecd01ee9-e929-d348-31bb-b472b05f2446@collabora.com>

Robert Foss wrote on Thu 12-01-2017 at 11:30 [-0500]:
> 
> On 2017-01-12 04:14 AM, Lankhorst, Maarten wrote:
> > 
> > Robert Foss wrote on Wed 11-01-2017 at 15:41 [-0500]:
> > > 
> > > buf array may overflow when writing '\0' if
> > > MAX_LINE_LEN bytes are read during read().
> > How?
> > 
> > char buf[MAX_LINE_LEN + 1];
> 
> I actually missed the + 1, but parts of the commit are still
> relevant though, as the errno at least in theory could be != EAGAIN.
> 
> So I'd like to keep the below check, to prevent compiler warnings.
> if (bytes_read < 0)
> 
> Sounds ok?
Yes. :)
> 
> Rob.
> > 
> > 
> > > 
> > > Signed-off-by: Robert Foss <robert.foss@collabora.com>
> > > ---
> > >  lib/igt_debugfs.c | 8 +++++---
> > >  1 file changed, 5 insertions(+), 3 deletions(-)
> > > 
> > > diff --git a/lib/igt_debugfs.c b/lib/igt_debugfs.c
> > > index d828687a..8b8a627a 100644
> > > --- a/lib/igt_debugfs.c
> > > +++ b/lib/igt_debugfs.c
> > > @@ -594,13 +594,15 @@ static int read_crc(igt_pipe_crc_t
> > > *pipe_crc,
> > > igt_crc_t *out)
> > >  		read_len = MAX_LINE_LEN;
> > > 
> > >  	igt_set_timeout(5, "CRC reading");
> > > -	bytes_read = read(pipe_crc->crc_fd, &buf, read_len);
> > > +	bytes_read = read(pipe_crc->crc_fd, &buf, read_len - 1);
> > >  	igt_reset_timeout();
> > > 
> > > -	if (bytes_read < 0 && errno == EAGAIN) {
> > > +	if (bytes_read < 0 && errno == EAGAIN)
> > >  		igt_assert(pipe_crc->flags & O_NONBLOCK);
> > > +
> > > +	if (bytes_read < 0)
> > >  		bytes_read = 0;
> > > -	}
> > > +
> > >  	buf[bytes_read] = '\0';
> > > 
> > >  	if (bytes_read && !pipe_crc_init_from_string(pipe_crc,
> > > out,
> > > buf))
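
Review bot: the `read_len - 1` in the read() call is unnecessary and drops one byte of input. buf is declared as `char buf[MAX_LINE_LEN + 1]` (quoted earlier in this thread) and the context line above sets `read_len = MAX_LINE_LEN`, so `buf[bytes_read] = '\0'` already stays in bounds with the original length, and the shorter read can truncate a full-length line. The unconditional `if (bytes_read < 0) bytes_read = 0;` is the part worth keeping: in the removed version the clamp ran only when errno was EAGAIN, so any other read() failure left bytes_read negative and the terminator write indexed before the start of buf. Consider also reporting the non-EAGAIN failure instead of silently treating it as an empty read, and passing `buf` rather than `&buf` to read().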
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
