* [PATCH] vsprintf: Make sure argument to %*ph/%pv is valid
@ 2015-02-10 21:44 Boris Ostrovsky
  2015-02-10 21:49 ` Andrew Cooper
  0 siblings, 1 reply; 4+ messages in thread
From: Boris Ostrovsky @ 2015-02-10 21:44 UTC (permalink / raw)
  To: ian.campbell, ian.jackson, jbeulich, keir, tim; +Cc: boris.ostrovsky, xen-devel

If NULL pointer is passed for these specifiers then print '-'
or 'd-v-'.

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
 xen/common/vsprintf.c |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c
index 065cc42..84cfa85 100644
--- a/xen/common/vsprintf.c
+++ b/xen/common/vsprintf.c
@@ -280,6 +280,13 @@ static char *pointer(char *str, char *end, const char **fmt_ptr,
         /* Consumed 'h' from the format string. */
         ++*fmt_ptr;
 
+        if ( hex_buffer == NULL )
+        {
+            if ( str < end )
+                *str++ = '-';
+            return str;
+        }
+
         /* Bound user count from %* to between 0 and 64 bytes. */
         if ( field_width <= 0 )
             return str;
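Review bot: In the added hex_buffer == NULL block, "*str++ = '-'" advances str only when str < end, so once the buffer is full the returned pointer no longer counts the character that would have been written. The existing context in the next hunk stores conditionally but advances unconditionally ("*str = 'd'" under "str < end", then "str + 1"); doing the same here, i.e. "if ( str < end ) *str = '-';" followed by "return str + 1;", keeps the length accounting consistent. The check also sits above the "field_width <= 0" early return, so a NULL buffer prints '-' where a valid buffer with that width prints nothing; consider placing it below the bound check.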
@@ -338,6 +345,18 @@ static char *pointer(char *str, char *end, const char **fmt_ptr,
         ++*fmt_ptr;
         if ( str < end )
             *str = 'd';
+        if ( v == NULL )
+        {
+            /* If v is NULL then print 'd-v-' */
+            str++;
+            if ( str < end )
+                *str++ = '-';
+            if ( str < end )
+                *str++ = 'v';
+            if ( str < end )
+                *str++ = '-';
+            return str;
+        }
         str = number(str + 1, end, v->domain->domain_id, 10, -1, -1, 0);
         if ( str < end )
             *str = 'v';
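Review bot: The new guard tests only v == NULL, while the context line right after it dereferences v->domain->domain_id, so a vcpu whose domain pointer is NULL still faults here; if this path is meant to survive bad input while debugging, test v->domain as well, or say in the comment that only a NULL vcpu is handled. Within the block, the first "str++" is unconditional but the three "*str++ =" stores advance only when str < end, which under-counts truncated output; store conditionally and increment unconditionally for all three, or emit the fixed string "-v-" through one bounded loop.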
-- 
1.7.1


* Re: [PATCH] vsprintf: Make sure argument to %*ph/%pv is valid
  2015-02-10 21:44 [PATCH] vsprintf: Make sure argument to %*ph/%pv is valid Boris Ostrovsky
@ 2015-02-10 21:49 ` Andrew Cooper
  2015-02-10 21:55   ` Boris Ostrovsky
  2015-02-11  8:27   ` Jan Beulich
  0 siblings, 2 replies; 4+ messages in thread
From: Andrew Cooper @ 2015-02-10 21:49 UTC (permalink / raw)
  To: Boris Ostrovsky, ian.campbell, ian.jackson, jbeulich, keir, tim; +Cc: xen-devel

On 10/02/2015 21:44, Boris Ostrovsky wrote:
> If NULL pointer is passed for these specifiers then print '-'
> or 'd-v-'.
>
> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>

Instead of special casing each custom format, I would be tempted just to
put the switch() in an if(arg) conditional, and fall back to the regular
number for a NULL pointer, or go along the glibc route and print "(NULL)".

I presume you found this by falling over a NULL pointer while
debugging?  I can't see a legitimate reason for formally supporting NULL
pointers in each context, but crashing is certainly better avoided.

~Andrew

> ---
>  xen/common/vsprintf.c |   19 +++++++++++++++++++
>  1 files changed, 19 insertions(+), 0 deletions(-)
>
> diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c
> index 065cc42..84cfa85 100644
> --- a/xen/common/vsprintf.c
> +++ b/xen/common/vsprintf.c
> @@ -280,6 +280,13 @@ static char *pointer(char *str, char *end, const char **fmt_ptr,
>          /* Consumed 'h' from the format string. */
>          ++*fmt_ptr;
>  
> +        if ( hex_buffer == NULL )
> +        {
> +            if ( str < end )
> +                *str++ = '-';
> +            return str;
> +        }
> +
>          /* Bound user count from %* to between 0 and 64 bytes. */
>          if ( field_width <= 0 )
>              return str;
> @@ -338,6 +345,18 @@ static char *pointer(char *str, char *end, const char **fmt_ptr,
>          ++*fmt_ptr;
>          if ( str < end )
>              *str = 'd';
> +        if ( v == NULL )
> +        {
> +            /* If v is NULL then print 'd-v-' */
> +            str++;
> +            if ( str < end )
> +                *str++ = '-';
> +            if ( str < end )
> +                *str++ = 'v';
> +            if ( str < end )
> +                *str++ = '-';
> +            return str;
> +        }
>          str = number(str + 1, end, v->domain->domain_id, 10, -1, -1, 0);
>          if ( str < end )
>              *str = 'v';


* Re: [PATCH] vsprintf: Make sure argument to %*ph/%pv is valid
  2015-02-10 21:49 ` Andrew Cooper
@ 2015-02-10 21:55   ` Boris Ostrovsky
  2015-02-11  8:27   ` Jan Beulich
  1 sibling, 0 replies; 4+ messages in thread
From: Boris Ostrovsky @ 2015-02-10 21:55 UTC (permalink / raw)
  To: Andrew Cooper, ian.campbell, ian.jackson, jbeulich, keir, tim; +Cc: xen-devel

On 02/10/2015 04:49 PM, Andrew Cooper wrote:
> On 10/02/2015 21:44, Boris Ostrovsky wrote:
>> If NULL pointer is passed for these specifiers then print '-'
>> or 'd-v-'.
>>
>> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Instead of special casing each custom format, I would be tempted just to
> put the switch() in an if(arg) conditional, and fall back to the regular
> number for a NULL pointer, or go along the glibc route and print "(NULL)".

OK, I could do that.

>
> I presume you found this by falling over a NULL pointer while
> debugging?  I can't see a legitimate reason for formally supporting NULL
> pointers in each context, but crashing is certainly better avoided.

Yes, I hit %pv case when the vcpu I was tracking turned NULL. And yes, 
we then crash.

-boris

>
> ~Andrew
>
>> ---
>>   xen/common/vsprintf.c |   19 +++++++++++++++++++
>>   1 files changed, 19 insertions(+), 0 deletions(-)
>>
>> diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c
>> index 065cc42..84cfa85 100644
>> --- a/xen/common/vsprintf.c
>> +++ b/xen/common/vsprintf.c
>> @@ -280,6 +280,13 @@ static char *pointer(char *str, char *end, const char **fmt_ptr,
>>           /* Consumed 'h' from the format string. */
>>           ++*fmt_ptr;
>>   
>> +        if ( hex_buffer == NULL )
>> +        {
>> +            if ( str < end )
>> +                *str++ = '-';
>> +            return str;
>> +        }
>> +
>>           /* Bound user count from %* to between 0 and 64 bytes. */
>>           if ( field_width <= 0 )
>>               return str;
>> @@ -338,6 +345,18 @@ static char *pointer(char *str, char *end, const char **fmt_ptr,
>>           ++*fmt_ptr;
>>           if ( str < end )
>>               *str = 'd';
>> +        if ( v == NULL )
>> +        {
>> +            /* If v is NULL then print 'd-v-' */
>> +            str++;
>> +            if ( str < end )
>> +                *str++ = '-';
>> +            if ( str < end )
>> +                *str++ = 'v';
>> +            if ( str < end )
>> +                *str++ = '-';
>> +            return str;
>> +        }
>>           str = number(str + 1, end, v->domain->domain_id, 10, -1, -1, 0);
>>           if ( str < end )
>>               *str = 'v';


* Re: [PATCH] vsprintf: Make sure argument to %*ph/%pv is valid
  2015-02-10 21:49 ` Andrew Cooper
  2015-02-10 21:55   ` Boris Ostrovsky
@ 2015-02-11  8:27   ` Jan Beulich
  1 sibling, 0 replies; 4+ messages in thread
From: Jan Beulich @ 2015-02-11  8:27 UTC (permalink / raw)
  To: Andrew Cooper, Boris Ostrovsky
  Cc: keir, tim, ian.jackson, ian.campbell, xen-devel

>>> On 10.02.15 at 22:49, <andrew.cooper3@citrix.com> wrote:
> On 10/02/2015 21:44, Boris Ostrovsky wrote:
>> If NULL pointer is passed for these specifiers then print '-'
>> or 'd-v-'.
>>
>> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> 
> Instead of special casing each custom format, I would be tempted just to
> put the switch() in an if(arg) conditional, and fall back to the regular
> number for a NULL pointer, or go along the glibc route and print "(NULL)".
> 
> I presume you found this by falling over a NULL pointer while
> debugging?  I can't see a legitimate reason for formally supporting NULL
> pointers in each context, but crashing is certainly better avoided.

I tend to disagree - lots of functions get passed pointers that
they dereference _assuming_ they're not NULL (or otherwise
invalid). vsprintf() doesn't need to be a special case - it's the
caller's responsibility to ensure it doesn't pass NULL in such
cases.

That said, I wouldn't object to a patch doing what is outlined in
the first paragraph of Andrew's reply above, but extended to
cover pointing anywhere into known bad ranges (i.e. at least
for x86 in particular anywhere below HYPERVISOR_VIRT_START).

Jan
