From: Markus Armbruster <armbru@redhat.com>
To: Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-trivial@nongnu.org, alevy@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH] libcacard: fix wrong array expansion logic
Date: Mon, 26 May 2014 08:25:24 +0200
Message-ID: <87vbstawff.fsf@blackfin.pond.sub.org>
In-Reply-To: <1400878647-22176-1-git-send-email-mjt@msgid.tls.msk.ru> (Michael Tokarev's message of "Sat, 24 May 2014 00:57:27 +0400")
Michael Tokarev <mjt@tls.msk.ru> writes:

> The current code in libcacard/vcard_emul_nss.c:vcard_emul_options()
> has a weird bug in variable usage around expanding opts->vreader
> array.
>
> There's a helper variable, vreaderOpt, which is first needlessly
> initialized to NULL, next, conditionally, only we have to expand
> opts->vreader, receives array expansion from g_renew() (initially
> realloc), and next, even if we don't actually perform expansion,

I don't get the "(initially realloc)" part. The sentence makes sense to
me just fine without it, though.

> the value of this variable is assigned to the actual array,
> opts->vreader, which was supposed to be expanded.
>
> So, since we expand the array by READER_STEP increments, only
> once in READER_STEP (=4) the code will work, in other 3/4 times
> it will fail badly.
>
> Fix this by not using this temp variable when expanding the
> array, and by dropping the useless =NULL initializer too -
> if it wasn't in place initially, compiler warned us about

"would have warned us"?

> this problem at the beginning.
>
> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
> ---
> libcacard/vcard_emul_nss.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/libcacard/vcard_emul_nss.c b/libcacard/vcard_emul_nss.c
> index b7db51d..8462aef 100644
> --- a/libcacard/vcard_emul_nss.c
> +++ b/libcacard/vcard_emul_nss.c
> @@ -1149,7 +1149,7 @@ vcard_emul_options(const char *args)
> char type_str[100];
> VCardEmulType type;
> int count, i;
> - VirtualReaderOptions *vreaderOpt = NULL;
> + VirtualReaderOptions *vreaderOpt;
>
> args = strip(args + 5);
> if (*args != '(') {
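
Review bot: with the "= NULL" initializer gone from the vreaderOpt declaration, the pointer is indeterminate until the assignment "vreaderOpt = &opts->vreader[opts->vreader_count];" in the next hunk, so it is worth confirming that no other path in vcard_emul_options() reads it before that point; only these context lines are visible here. Declaring the variable inside the block where that assignment happens would make this obvious and let the compiler flag any stray use.
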
> @@ -1173,11 +1173,10 @@ vcard_emul_options(const char *args)
>
> if (opts->vreader_count >= reader_count) {
> reader_count += READER_STEP;
> - vreaderOpt = g_renew(VirtualReaderOptions, opts->vreader,
> - reader_count);
> + opts->vreader = g_renew(VirtualReaderOptions, opts->vreader,
> + reader_count);
> }
> - opts->vreader = vreaderOpt;
> - vreaderOpt = &vreaderOpt[opts->vreader_count];
> + vreaderOpt = &opts->vreader[opts->vreader_count];
> vreaderOpt->name = g_strndup(name, name_length);
> vreaderOpt->vname = g_strndup(vname, vname_length);
> vreaderOpt->card_type = type;
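
Review bot: the growth test "if (opts->vreader_count >= reader_count)" is only correct while the local reader_count equals the number of elements actually allocated for opts->vreader, and nothing in the hunk states or checks that. A short comment on the invariant, or keeping the capacity next to opts->vreader, would guard the write through "&opts->vreader[opts->vreader_count]" against going past the end of the array. Assigning the g_renew() result straight back to opts->vreader is fine because g_renew() aborts on allocation failure rather than returning NULL; the slots it adds are uninitialized, so every field of the new entry should be set before opts->vreader_count is incremented.
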
Much more straightforward now. Thanks!
Reviewed-by: Markus Armbruster <armbru@redhat.com>