public inbox for linux-kernel@vger.kernel.org
* [PATCH] 2.4 vsnprintf fix.
@ 2001-09-20 11:29 Rusty Russell
  2001-09-21 19:26 ` Crutcher Dunnavant
  0 siblings, 1 reply; 2+ messages in thread
From: Rusty Russell @ 2001-09-20 11:29 UTC (permalink / raw)
  To: torvalds; +Cc: linux-kernel

Following patch fixes calling vsnprintf with (NULL, 0) to get the
length of the string.  The problem is that the end ptr is set to
0xFFFFFFFF in this case, causing a write into address 0 as start <
end.

Cheers,
Rusty. 
--
Premature optmztion is rt of all evl. --DK

--- working-pmac-module/lib/vsprintf.c.~1~	Mon Sep 17 08:53:56 2001
+++ working-pmac-module/lib/vsprintf.c	Thu Sep 20 21:26:05 2001
@@ -246,6 +246,8 @@
 				/* 'z' support added 23/7/1999 S.H.    */
 				/* 'z' changed to 'Z' --davidm 1/25/99 */
 
+	/* buf = NULL, size = 0 is common for getting length */
+	if (size == 0) buf = (void *)1;
 	str = buf;
 	end = buf + size - 1;

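Review bot: The `size == 0` test on the added line covers only the zero-length call, so `end = buf + size - 1` two lines below can still wrap for a non-zero size that carries buf + size past the top of the address space, and a NULL buf passed with a non-zero size is still written through. Consider checking the computed end instead, for example clamping it when it compares below buf, so that every caller is covered and not just the (NULL, 0) idiom.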

* Re: [PATCH] 2.4 vsnprintf fix.
  2001-09-20 11:29 [PATCH] 2.4 vsnprintf fix Rusty Russell
@ 2001-09-21 19:26 ` Crutcher Dunnavant
  0 siblings, 0 replies; 2+ messages in thread
From: Crutcher Dunnavant @ 2001-09-21 19:26 UTC (permalink / raw)
  To: linux-kernel

++ 20/09/01 21:29 +1000 - Rusty Russell:
> Following patch fixes calling vsnprintf with (NULL, 0) to get the
> length of the string.  The problem is that the end ptr is set to
> 0xFFFFFFFF in this case, causing a write into address 0 as start <
> end.

Doh! Egg on face. Between this and the sysrq bugs, I'm thinking of going
into dance instead of hacking anymore. Sorry about this, it is a basic
mistake (right up there with going up against a Sicilian when death is
on the line.)

> 
> Cheers,
> Rusty. 
> --
> Premature optmztion is rt of all evl. --DK
> 
> --- working-pmac-module/lib/vsprintf.c.~1~	Mon Sep 17 08:53:56 2001
> +++ working-pmac-module/lib/vsprintf.c	Thu Sep 20 21:26:05 2001
> @@ -246,6 +246,8 @@
>  				/* 'z' support added 23/7/1999 S.H.    */
>  				/* 'z' changed to 'Z' --davidm 1/25/99 */
>  
> +	/* buf = NULL, size = 0 is common for getting length */
> +	if (size == 0) buf = (void *)1;
>  	str = buf;
>  	end = buf + size - 1;
> -
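
Review bot: The comment on the added lines says `buf = NULL, size = 0`, but the test is on size alone, so a caller's non-NULL buf is replaced as well, and nothing explains why the value is 1. Say in the comment that 1 is chosen so that `end = buf + size - 1` comes out as 0, below str, and put the assignment on its own line under the `if`.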

-- 
Crutcher        <crutcher@datastacks.com>
GCS d--- s+:>+:- a-- C++++$ UL++++$ L+++$>++++ !E PS+++ PE Y+ PGP+>++++
    R-(+++) !tv(+++) b+(++++) G+ e>++++ h+>++ r* y+>*$
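
The wraparound described in the patch message, as an added example that is not code from this thread or from the kernel: a model of the bounds arithmetic with 32-bit integers standing in for pointers, run without and with the hunk's added line. The per-character `str <= end` guard and the names `fmt_result`, `model_vsnprintf` and `show` are assumptions; only the three statements from the hunk come from the page.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of one modelled call (all names here are illustrative). */
struct fmt_result {
    uint32_t end;          /* computed end "pointer" */
    uint32_t stores;       /* characters the copy loop would store */
    uint32_t first_store;  /* address of the first store, if any */
    uint32_t length;       /* value the call would return */
};

/* 32-bit integers stand in for pointers so the wrap is well defined in C.
 * patched != 0 applies the hunk's added line. Terminator handling is left out. */
struct fmt_result model_vsnprintf(uint32_t buf, uint32_t size,
                                  const char *text, int patched)
{
    struct fmt_result r = {0, 0, 0, 0};
    uint32_t str;

    if (patched && size == 0)
        buf = 1;                    /* the patch's (void *)1 */
    str = buf;
    r.end = buf + size - 1;         /* buf = 0, size = 0 wraps to 0xFFFFFFFF */

    for (; *text; ++text, ++str) {
        if (str <= r.end) {         /* assumed per-character guard */
            if (r.stores++ == 0)
                r.first_store = str;
        }
    }
    r.length = str - buf;           /* length is counted even when nothing is stored */
    return r;
}

static void show(const char *label, struct fmt_result r)
{
    printf("%-22s end=0x%08x stores=%u first=0x%08x length=%u\n", label,
           (unsigned)r.end, (unsigned)r.stores,
           (unsigned)r.first_store, (unsigned)r.length);
}

int main(void)
{
    show("unpatched (NULL, 0)", model_vsnprintf(0, 0, "hello", 0));
    show("patched   (NULL, 0)", model_vsnprintf(0, 0, "hello", 1));
    show("patched   (0x1000, 4)", model_vsnprintf(0x1000, 4, "hello", 1));
    return 0;
}
```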
