* [patch] nfsd: minor off by one checks in __write_versions()
@ 2014-11-27 15:58 Dan Carpenter
2014-11-28 1:17 ` Jeff Layton
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2014-11-27 15:58 UTC (permalink / raw)
To: J. Bruce Fields, Chuck Lever; +Cc: linux-nfs, kernel-janitors
My static checker complains that if "len == remaining" then it means we
have truncated the last character off the version string.
The intent of the code is that we print as many versions as we can
without truncating a version. Then we put a newline at the end. If the
newline can't fit we return -EINVAL.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 9506ea5..19ace74 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -608,7 +608,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
num);
sep = " ";
- if (len > remaining)
+ if (len >= remaining)
break;
remaining -= len;
buf += len;
@@ -623,7 +623,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
'+' : '-',
minor);
- if (len > remaining)
+ if (len >= remaining)
break;
remaining -= len;
buf += len;
@@ -631,7 +631,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
}
len = snprintf(buf, remaining, "\n");
- if (len > remaining)
+ if (len >= remaining)
return -EINVAL;
return tlen + len;
}
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [patch] nfsd: minor off by one checks in __write_versions()
2014-11-27 15:58 [patch] nfsd: minor off by one checks in __write_versions() Dan Carpenter
@ 2014-11-28 1:17 ` Jeff Layton
0 siblings, 0 replies; 2+ messages in thread
From: Jeff Layton @ 2014-11-28 1:17 UTC (permalink / raw)
To: Dan Carpenter; +Cc: J. Bruce Fields, Chuck Lever, linux-nfs, kernel-janitors
On Thu, 27 Nov 2014 18:58:54 +0300
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> My static checker complains that if "len == remaining" then it means we
> have truncated the last character off the version string.
>
> The intent of the code is that we print as many versions as we can
> without truncating a version. Then we put a newline at the end. If the
> newline can't fit we return -EINVAL.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
> index 9506ea5..19ace74 100644
> --- a/fs/nfsd/nfsctl.c
> +++ b/fs/nfsd/nfsctl.c
> @@ -608,7 +608,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
> num);
> sep = " ";
>
> - if (len > remaining)
> + if (len >= remaining)
> break;
> remaining -= len;
> buf += len;
> @@ -623,7 +623,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
> '+' : '-',
> minor);
>
> - if (len > remaining)
> + if (len >= remaining)
> break;
> remaining -= len;
> buf += len;
> @@ -631,7 +631,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
> }
>
> len = snprintf(buf, remaining, "\n");
> - if (len > remaining)
> + if (len >= remaining)
> return -EINVAL;
> return tlen + len;
> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Looks correct. Good catch.
Reviewed-by: Jeff Layton <jlayton@primarydata.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-11-28 1:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-27 15:58 [patch] nfsd: minor off by one checks in __write_versions() Dan Carpenter
2014-11-28 1:17 ` Jeff Layton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox