From: yakui_zhao <yakui.zhao@intel.com>
To: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: "linux-acpi@vger.kernel.org" <linux-acpi@vger.kernel.org>,
"lenb@kernel.org" <lenb@kernel.org>
Subject: Re: [RFC] [PATCH]: ACPI: Rename ACPI processor device bus ID
Date: Mon, 25 May 2009 08:59:40 +0800 [thread overview]
Message-ID: <1243213180.8523.200.camel@localhost.localdomain> (raw)
In-Reply-To: <20090523210156.GA11172@khazad-dum.debian.net>
On Sun, 2009-05-24 at 05:01 +0800, Henrique de Moraes Holschuh wrote:
> On Sat, 23 May 2009, yakui_zhao wrote:
> > On Sat, 2009-05-23 at 11:18 +0800, Henrique de Moraes Holschuh wrote:
> > > On Thu, 21 May 2009, yakui_zhao wrote:
> > > > + sprintf(acpi_device_bid(device), "CPU%X", pr->id);
> > >
> > > Is this safe against overflows, i.e. is pr->id something *we* set? Because
> > > if it is in any way read from the ACPI firmware, you have to either use
> > > snprintf, or use the format string to limit the %X to a safe lenght...
> > Thanks for pointing out this issue.
> > Now the array size of acpi_bus_id is 5. And when the cpu number is above
> > 256, the overflow will happen. But it is very luck that the following
> > three bytes are not used by other variable because of align. And this
> > still can work.
> > Of course I already sent a patch, in which the array size is changed
> > from 5 to 8.
> >
> > At the same time if the cpu number is less than or equal to 256, the
> > length of format string is safe.
>
> Yeah, but I was really asking if, even with space for 8 chars, isn't there a
> risk of pr->id being, say, 0xfffffffe due to some wierdness...
If the pr->id is set to 0xfffffffe, it is a risk.
But in fact OS will get the correct cpu id by using the function of
get_cpu_id. The result value is -1 or other correct cpu id.
So it is unnecessary to worry that the incorrect value is assigned to
pr->id.
Of course it will be OK to use the snprintf instead of sprintf.
thanks.
> If there is such a risk, you should use snprintf, or a a length limit in the
> format...
>
prev parent reply other threads:[~2009-05-25 0:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-21 8:02 [RFC] [PATCH]: ACPI: Rename ACPI processor device bus ID yakui_zhao
2009-05-23 3:18 ` Henrique de Moraes Holschuh
2009-05-23 5:20 ` yakui_zhao
2009-05-23 21:01 ` Henrique de Moraes Holschuh
2009-05-25 0:59 ` yakui_zhao [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1243213180.8523.200.camel@localhost.localdomain \
--to=yakui.zhao@intel.com \
--cc=hmh@hmh.eng.br \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox