Message-ID: <4A76AC7B.8090409@redhat.com>
Date: Mon, 03 Aug 2009 11:23:07 +0200
From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH 1/2] qdev: factor out qdev_print_devinfo.
References: <1248865944-15937-1-git-send-email-kraxel@redhat.com> <87zlak7701.fsf@pike.pond.sub.org> <4A7696BE.6030100@redhat.com> <8763d5i9tf.fsf@pike.pond.sub.org>
In-Reply-To: <8763d5i9tf.fsf@pike.pond.sub.org>
To: Markus Armbruster
Cc: qemu-devel@nongnu.org

On 08/03/09 10:24, Markus Armbruster wrote:
> Gerd Hoffmann writes:
>
>> On 08/01/09 01:44, Markus Armbruster wrote:
>>> Gerd Hoffmann writes:
>>>
>>>> Signed-off-by: Gerd Hoffmann >>>> --- >>>> hw/qdev.c | 19 ++++++++++++++++++- >>>> 1 files changed, 18 insertions(+), 1 deletions(-) >>>> >>>> diff --git a/hw/qdev.c b/hw/qdev.c >>>> index 479eb72..6f05232 100644 >>>> --- a/hw/qdev.c >>>> +++ b/hw/qdev.c
>>>> @@ -105,6 +105,21 @@ DeviceState *qdev_create(BusState *bus, const char *name) >>>> return dev; >>>> } >>>> >>>> +static int qdev_print_devinfo(DeviceInfo *info, char *dest, int len) >>>> +{ >>>> + int pos = 0; >>>> + >>>> + pos += snprintf(dest+pos, len-pos, "name \"%s\", bus %s", >>>> + info->name, info->bus_info->name); >>>> + if (info->alias) >>>> + pos += snprintf(dest+pos, len-pos, ", alias \"%s\"", info->alias); >>>> + if (info->desc) >>>> + pos += snprintf(dest+pos, len-pos, ", desc \"%s\"", info->desc); >>>> + if (info->no_user) >>>> + pos += snprintf(dest+pos, len-pos, ", no-user"); >>>> + return pos; >>>> +} >>>> +
>>> Isn't len-pos vulnerable to underflow here? The formal parameter type
>>> is size_t...
>>>
>>> [...]
>> Huh? You mean you want to be able to pass a buffer larger than 2^31 to
>> that function?
>>
>> cheers
>> Gerd
>
> snprintf() returns length of output. This may exceed its buffer size
> argument.

[ after reading the man page ]

Ah. In case the buffer doesn't fit it doesn't return the number of
bytes actually written. It returns the number of bytes needed to print
everything. The logic is wrong then, I'll send a fix.

cheers,
Gerd
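
Review bot: in qdev_print_devinfo(), each `pos += snprintf(dest+pos, len-pos, ...)` adds the return value without checking it against the space that was left. snprintf() returns the length the output needed rather than the bytes written, so after one truncated call pos is larger than len, and the next call receives a negative len-pos converted to size_t together with a dest+pos that points past the end of the buffer. Compare each return value with the remaining space and stop appending (or clamp pos to len-1) once output has been truncated; a negative return should be handled too. Declaring len, pos and the return type as size_t would also make the intended range explicit.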
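
The snprintf() return-value behaviour discussed in this message, shown as an added example that is not part of the original mail and is not the fix that was later sent. The helper `buf_appendf`, the functions `naive_first_call` and `safe_devinfo`, and the sample device values are all hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not QEMU code: append at dest[pos] without ever
 * passing a negative (i.e. huge size_t) size to vsnprintf(). */
static size_t buf_appendf(char *dest, size_t len, size_t pos, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (len == 0 || pos >= len - 1)
        return pos;                 /* buffer already full: write nothing */
    va_start(ap, fmt);
    n = vsnprintf(dest + pos, len - pos, fmt, ap);
    va_end(ap);
    if (n < 0)
        return pos;                 /* output error: keep previous position */
    if ((size_t)n >= len - pos)
        return len - 1;             /* truncated: n was the length needed */
    return pos + (size_t)n;
}

/* What the unchecked "pos += snprintf(...)" pattern yields after one call. */
static int naive_first_call(char *dest, int len)
{
    return snprintf(dest, (size_t)len, "name \"%s\", bus %s", "constructed-device", "PCI");
}

/* Same kind of fields as the quoted function, fed constructed sample values. */
static size_t safe_devinfo(char *dest, size_t len)
{
    size_t pos = 0;

    pos = buf_appendf(dest, len, pos, "name \"%s\", bus %s", "constructed-device", "PCI");
    pos = buf_appendf(dest, len, pos, ", alias \"%s\"", "cdev");
    pos = buf_appendf(dest, len, pos, ", no-user");
    return pos;
}

int main(void)
{
    char small[16];
    int pos = naive_first_call(small, (int)sizeof(small));

    printf("naive: pos=%d, len-pos=%d\n", pos, (int)sizeof(small) - pos);
    printf("safe:  pos=%zu, text=%s\n", safe_devinfo(small, sizeof(small)), small);
    return 0;
}
```

With the 16-byte buffer the unchecked pattern leaves pos beyond the end of the buffer after a single call, while the clamped helper stops at the last usable byte and keeps the string terminated.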