* [PATCH] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing
@ 2013-05-26 10:28 Chen Gang
2013-05-27 1:42 ` Chen Gang
2013-05-27 2:00 ` [PATCH v2] " Chen Gang
0 siblings, 2 replies; 5+ messages in thread
From: Chen Gang @ 2013-05-26 10:28 UTC (permalink / raw)
To: linux-arm-kernel
When failure occurs at the last looping cycle (when 'i == 0'), it will
print "bad PC value" instead of "(%08x) ", which needs additional 1
byte.
If not add 1 byte, the str will not be NUL terminated, and the next
printk() will cause issue.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
arch/arm64/kernel/traps.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index 61d7dd2..c2f68d2 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs)
{
unsigned long addr = instruction_pointer(regs);
mm_segment_t fs;
- char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str;
+ char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str;
int i;
/*
--
1.7.7.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing
2013-05-26 10:28 [PATCH] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing Chen Gang
@ 2013-05-27 1:42 ` Chen Gang
2013-05-27 2:00 ` [PATCH v2] " Chen Gang
1 sibling, 0 replies; 5+ messages in thread
From: Chen Gang @ 2013-05-27 1:42 UTC (permalink / raw)
To: linux-arm-kernel
On 05/26/2013 06:28 PM, Chen Gang wrote:
>
> When failure occurs at the last looping cycle (when 'i == 0'), it will
> print "bad PC value" instead of "(%08x) ", which needs additional 1
> byte.
>
> If not add 1 byte, the str will not be NUL terminated, and the next
> printk() will cause issue.
>
Oh, I type incorrect contents. It should be "If not add 1 byte, it will
memory overflow"
I will send patch v2.
> Signed-off-by: Chen Gang <gang.chen@asianux.com>
> ---
> arch/arm64/kernel/traps.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
> index 61d7dd2..c2f68d2 100644
> --- a/arch/arm64/kernel/traps.c
> +++ b/arch/arm64/kernel/traps.c
> @@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs)
> {
> unsigned long addr = instruction_pointer(regs);
> mm_segment_t fs;
> - char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str;
> + char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str;
> int i;
>
> /*
>
--
Chen Gang
Asianux Corporation
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing
2013-05-26 10:28 [PATCH] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing Chen Gang
2013-05-27 1:42 ` Chen Gang
@ 2013-05-27 2:00 ` Chen Gang
2013-05-28 10:42 ` Will Deacon
1 sibling, 1 reply; 5+ messages in thread
From: Chen Gang @ 2013-05-27 2:00 UTC (permalink / raw)
To: linux-arm-kernel
When failure occurs at the last looping cycle (when 'i == 0'), it will
print "bad PC value" instead of "(%08x) ", which needs additional 1
byte.
If not add 1 byte, the 'str' may be memory overflow.
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
arch/arm64/kernel/traps.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
index 61d7dd2..c2f68d2 100644
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs)
{
unsigned long addr = instruction_pointer(regs);
mm_segment_t fs;
- char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str;
+ char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str;
int i;
/*
--
1.7.7.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing
2013-05-27 2:00 ` [PATCH v2] " Chen Gang
@ 2013-05-28 10:42 ` Will Deacon
2013-05-28 11:21 ` Chen Gang
0 siblings, 1 reply; 5+ messages in thread
From: Will Deacon @ 2013-05-28 10:42 UTC (permalink / raw)
To: linux-arm-kernel
Hello,
On Mon, May 27, 2013 at 03:00:12AM +0100, Chen Gang wrote:
>
> When failure occurs at the last looping cycle (when 'i == 0'), it will
> print "bad PC value" instead of "(%08x) ", which needs additional 1
> byte.
>
> If not add 1 byte, the 'str' may be memory overflow.
>
>
> Signed-off-by: Chen Gang <gang.chen@asianux.com>
> ---
> arch/arm64/kernel/traps.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
> index 61d7dd2..c2f68d2 100644
> --- a/arch/arm64/kernel/traps.c
> +++ b/arch/arm64/kernel/traps.c
> @@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs)
> {
> unsigned long addr = instruction_pointer(regs);
> mm_segment_t fs;
> - char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str;
> + char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str;
> int i;
Whilst this code is difficult to follow, I don't think it's incorrect.
The size of the str array is:
sizeof("00000000 ") = 8 ('0's) + 1 (space) + 1 (NUL) = 10 bytes
*5 = 50 bytes
+2 (for the two brackets when i == 0) = 52 bytes
+1 (this is for the "bad PC value") = 53 bytes
In the worst case (when the PC is bad) we print:
"%08x " x4 = (8 + 1 + 1) *4 = 40 bytes
"bad PC value" = 12 + 1 = 13 bytes
so again, 53 bytes.
... or have I missed a character somewhere?
Will
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing
2013-05-28 10:42 ` Will Deacon
@ 2013-05-28 11:21 ` Chen Gang
0 siblings, 0 replies; 5+ messages in thread
From: Chen Gang @ 2013-05-28 11:21 UTC (permalink / raw)
To: linux-arm-kernel
On 05/28/2013 06:42 PM, Will Deacon wrote:
> Hello,
>
> On Mon, May 27, 2013 at 03:00:12AM +0100, Chen Gang wrote:
>> >
>> > When failure occurs at the last looping cycle (when 'i == 0'), it will
>> > print "bad PC value" instead of "(%08x) ", which needs additional 1
>> > byte.
>> >
>> > If not add 1 byte, the 'str' may be memory overflow.
>> >
>> >
>> > Signed-off-by: Chen Gang <gang.chen@asianux.com>
>> > ---
>> > arch/arm64/kernel/traps.c | 2 +-
>> > 1 files changed, 1 insertions(+), 1 deletions(-)
>> >
>> > diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
>> > index 61d7dd2..c2f68d2 100644
>> > --- a/arch/arm64/kernel/traps.c
>> > +++ b/arch/arm64/kernel/traps.c
>> > @@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs)
>> > {
>> > unsigned long addr = instruction_pointer(regs);
>> > mm_segment_t fs;
>> > - char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str;
>> > + char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str;
>> > int i;
> Whilst this code is difficult to follow, I don't think it's incorrect.
> The size of the str array is:
>
> sizeof("00000000 ") = 8 ('0's) + 1 (space) + 1 (NUL) = 10 bytes
Oh, it is my fault, I miss the "1 (NUL)".
> *5 = 50 bytes
> +2 (for the two brackets when i == 0) = 52 bytes
> +1 (this is for the "bad PC value") = 53 bytes
>
> In the worst case (when the PC is bad) we print:
>
> "%08x " x4 = (8 + 1 + 1) *4 = 40 bytes
Actually, it is 36 bytes, for sprintf() return the length excluding NUL.
(although, we still need notice the last NUL)
> "bad PC value" = 12 + 1 = 13 bytes
>
> so again, 53 bytes.
>
So again, 49 bytes. ;-)
> .. or have I missed a character somewhere?
>
NO, I missed characters, but you 'find' more characters. :-)
All together, this patch is incorrect, original implementation will not
cause issue.
Thanks
--
Chen Gang
Asianux Corporation
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-05-28 11:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-26 10:28 [PATCH] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing Chen Gang
2013-05-27 1:42 ` Chen Gang
2013-05-27 2:00 ` [PATCH v2] " Chen Gang
2013-05-28 10:42 ` Will Deacon
2013-05-28 11:21 ` Chen Gang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).