* Re: possible off by one error in drivers/isdn/divert/divert_procfs.c
[not found] <BLU108-W15F33D55974CB43800BEB59C000@phx.gbl>
@ 2010-04-30 22:12 ` Karsten Keil
0 siblings, 0 replies; only message in thread
From: Karsten Keil @ 2010-04-30 22:12 UTC (permalink / raw)
To: d binderman; +Cc: netdev
On Freitag, 30. April 2010 23:15:17 d binderman wrote:
> Hello there,
>
> I've just been looking at the Linux kernel linux-2.6.34-rc6. I notice the
> source code in file drivers/isdn/divert/divert_procfs.c, around line 50 is
>
> if (!(ib = kmalloc(sizeof(struct divert_info) + strlen(cp),
> GFP_ATOMIC))) return; /* no memory */
> strcpy(ib->info_start, cp); /* set output string */
>
>
> Shouldn't that be
>
> if (!(ib = kmalloc(sizeof(struct divert_info) + strlen(cp) + 1,
> GFP_ATOMIC))) return; /* no memory */
> strcpy(ib->info_start, cp); /* set output string */
>
> +1 for the zero byte ?
>
No the struct divert_info already add 2 bytes as size of the info_start field.
So in real it has one byte more as needed.
Same think with the code in drivers/isdn/divert/divert_procfs.c
Karsten
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-04-30 22:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <BLU108-W15F33D55974CB43800BEB59C000@phx.gbl>
2010-04-30 22:12 ` possible off by one error in drivers/isdn/divert/divert_procfs.c Karsten Keil
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).