All of lore.kernel.org
 help / color / mirror / Atom feed
From: walter harms <wharms@bfs.de>
To: kernel-janitors@vger.kernel.org
Subject: Re: [net-next:master 96/108] net/tipc/node.c:258 tipc_node_detach_link() error: buffer overflow 'n_p
Date: Fri, 14 Feb 2014 09:53:12 +0000	[thread overview]
Message-ID: <52FDE788.8010804@bfs.de> (raw)
In-Reply-To: <20140214082644.GY26776@mwanda>



Am 14.02.2014 09:26, schrieb Dan Carpenter:
> This is a style question and not a real bug:
> 
> Which is better:
> 
> OPTION #1: ignore static checker warnings
> 
> 	for (i = 0; i < ARRAY_SIZE(x); i++) {
> 		if (found)
> 			break;
> 	}
> 	x[i] = 0;
> 
> 
> OPTION #2: stop on the last element
> 
> 	for (i = 0; i < ARRAY_SIZE(x) - 1; i++) {
> 		if (found)
> 			break;
> 	}
> 	x[i] = 0;
> 
> 
> OPTION #3: add a bogus error test
> 
> 	for (i = 0; i < ARRAY_SIZE(x); i++) {
> 		if (found)
> 			break;
> 	}
> 	if (i = ARRAY_SIZE(x))
> 		return;
> 	x[i] = 0;

OPTION #3a

for (i = 0; i < ARRAY_SIZE(x); i++) {
 		if (found)
			goto found;
 	}
 	return;
found:
	x[i] = 0;

> OPTION #4: convoluted code
> 
> 	for (i = 0; i < ARRAY_SIZE(x); i++) {
> 		if (!found)
> 			continue;
> 		x[i] = 0;
> 		break;
> 	}
> 
> It's not clear to me what the right answer is...



i prefer a variation of #4

 if (found) { x[i] = 0; break; }

reason:
1. ppl are bad with (!)
2. it is clear what happens if found
3. no side effects; i=ARRAY_SIZE(x) when nothing is found in loop
   so using x[i] may cause trouble.

Of cause there is not THE answer in cases where {} is large
you need a different solution.

re,
 wh

> regards,
> dan carpenter
> 
> -----
> 
> Hi Jon,
> 
> FYI, there are new smatch warnings show up in
> 
> tree:   git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git master
> head:   d4f2fa6ad61ec1db713569a179183df4d0fc6ae7
> commit: 7d33939f475d403e79124e3143d7951dcfe8629f [96/108] tipc: delay delete of link when failover is needed
> :::::: branch date: 5 hours ago
> :::::: commit date: 5 hours ago
> 
> net/tipc/node.c:258 tipc_node_detach_link() error: buffer overflow 'n_ptr->links' 2 <= 2
> 
> git remote add net-next git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
> git remote update net-next
> git checkout 7d33939f475d403e79124e3143d7951dcfe8629f
> vim +258 net/tipc/node.c
> 
> b97bf3fd Per Liden       2006-01-02  242  
> a18c4bc3 Paul Gortmaker  2011-12-29  243  void tipc_node_attach_link(struct tipc_node *n_ptr, struct tipc_link *l_ptr)
> b97bf3fd Per Liden       2006-01-02  244  {
> 37b9c08a Allan Stephens  2011-02-28  245  	n_ptr->links[l_ptr->b_ptr->identity] = l_ptr;
> 37b9c08a Allan Stephens  2011-02-28  246  	atomic_inc(&tipc_num_links);
> 37b9c08a Allan Stephens  2011-02-28  247  	n_ptr->link_cnt++;
> b97bf3fd Per Liden       2006-01-02  248  }
> b97bf3fd Per Liden       2006-01-02  249  
> a18c4bc3 Paul Gortmaker  2011-12-29  250  void tipc_node_detach_link(struct tipc_node *n_ptr, struct tipc_link *l_ptr)
> b97bf3fd Per Liden       2006-01-02  251  {
> 7d33939f Jon Paul Maloy  2014-02-13  252  	int i;
> 7d33939f Jon Paul Maloy  2014-02-13  253  
> 7d33939f Jon Paul Maloy  2014-02-13  254  	for (i = 0; i < MAX_BEARERS; i++) {
> 7d33939f Jon Paul Maloy  2014-02-13  255  		if (l_ptr = n_ptr->links[i])
> 7d33939f Jon Paul Maloy  2014-02-13  256  			break;
> 7d33939f Jon Paul Maloy  2014-02-13  257  	}
> 7d33939f Jon Paul Maloy  2014-02-13 @258  	n_ptr->links[i] = NULL;
> d1bcb115 Allan Stephens  2011-02-25  259  	atomic_dec(&tipc_num_links);
> b97bf3fd Per Liden       2006-01-02  260  	n_ptr->link_cnt--;
> b97bf3fd Per Liden       2006-01-02  261  }
> b97bf3fd Per Liden       2006-01-02  262  
> 6c00055a David S. Miller 2008-09-02  263  static void node_established_contact(struct tipc_node *n_ptr)
> b97bf3fd Per Liden       2006-01-02  264  {
> 51a8e4de Allan Stephens  2010-12-31  265  	tipc_k_signal((Handler)tipc_named_node_up, n_ptr->addr);
> c64f7a6a Jon Maloy       2012-11-16  266  	n_ptr->bclink.oos_state = 0;
> 
> ---
> 0-DAY kernel build testing backend              Open Source Technology Center
> http://lists.01.org/mailman/listinfo/kbuild                 Intel Corporation
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

  reply	other threads:[~2014-02-14  9:53 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-14  8:26 [net-next:master 96/108] net/tipc/node.c:258 tipc_node_detach_link() error: buffer overflow 'n_ptr-> Dan Carpenter
2014-02-14  9:53 ` walter harms [this message]
2014-02-14 15:55 ` [net-next:master 96/108] net/tipc/node.c:258 tipc_node_detach_link() error: buffer overflow 'n_p Jon Maloy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52FDE788.8010804@bfs.de \
    --to=wharms@bfs.de \
    --cc=kernel-janitors@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.