Re: possible off by one error in drivers/isdn/divert/divert

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: possible off by one error in drivers/isdn/divert/divert_procfs.c
       [not found] <BLU108-W15F33D55974CB43800BEB59C000@phx.gbl>
@ 2010-04-30 22:12 ` Karsten Keil
  0 siblings, 0 replies; only message in thread
From: Karsten Keil @ 2010-04-30 22:12 UTC (permalink / raw)
  To: d binderman; +Cc: netdev

On Freitag, 30. April 2010 23:15:17 d binderman wrote:
> Hello there,
> 
> I've just been looking at the Linux kernel linux-2.6.34-rc6.  I notice the
> source code in file drivers/isdn/divert/divert_procfs.c, around line 50 is
> 
>         if (!(ib = kmalloc(sizeof(struct divert_info) + strlen(cp),
>  GFP_ATOMIC))) return;        /* no memory */
>         strcpy(ib->info_start, cp);     /* set output string */
> 
> 
> Shouldn't that be
> 
>         if (!(ib = kmalloc(sizeof(struct divert_info) + strlen(cp) + 1,
>  GFP_ATOMIC))) return;        /* no memory */
>         strcpy(ib->info_start, cp);     /* set output string */
> 
> +1 for the zero byte ?
> 

No the struct divert_info already add 2 bytes as size of the info_start field.

So in real it has one byte more as needed.

Same think with the code in drivers/isdn/divert/divert_procfs.c

Karsten

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2010-04-30 22:12 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <BLU108-W15F33D55974CB43800BEB59C000@phx.gbl>
2010-04-30 22:12 ` possible off by one error in drivers/isdn/divert/divert_procfs.c Karsten Keil

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).