From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <500D6DCF.2090905@redhat.com>
Date: Mon, 23 Jul 2012 17:29:19 +0200
From: Laszlo Ersek
References: <1343043213-9997-1-git-send-email-lersek@redhat.com> <874noyhcfz.fsf@blackfin.pond.sub.org> <500D4CD4.5030706@redhat.com> <87394ibjy6.fsf@blackfin.pond.sub.org>
In-Reply-To: <87394ibjy6.fsf@blackfin.pond.sub.org>
Subject: Re: [Qemu-devel] [PATCH] check for available room when formatting OpenFirmware device path
To: Markus Armbruster
Cc: qemu-devel@nongnu.org

On 07/23/12 17:01, Markus Armbruster wrote:
> Laszlo Ersek writes:
>
>> On 07/23/12 14:46, Markus Armbruster wrote:
>>> Laszlo Ersek writes:
>>>
>>>> Signed-off-by: Laszlo Ersek
>>>> --- >>>> hw/qdev.c | 14 +++++++++++++- >>>> vl.c | 7 ++++++- >>>> 2 files changed, 19 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/hw/qdev.c b/hw/qdev.c >>>> index af54467..f1e83a4 100644 >>>> --- a/hw/qdev.c >>>> +++ b/hw/qdev.c
>>>> @@ -502,6 +502,10 @@ static int qdev_get_fw_dev_path_helper(DeviceState *dev, char *p, int size) >>>> if (dev && dev->parent_bus) { >>>> char *d; >>>> l = qdev_get_fw_dev_path_helper(dev->parent_bus->parent, p, size); >>>> + if (l >= size) { >>>> + return l; >>>> + } >>>> + >>>> d = bus_get_fw_dev_path(dev->parent_bus, dev); >>>> if (d) { >>>> l += snprintf(p + l, size - l, "%s", d); 
>>>> @@ -509,6 +513,10 @@ static int qdev_get_fw_dev_path_helper(DeviceState *dev, char *p, int size) >>>> } else { >>>> l += snprintf(p + l, size - l, "%s", object_get_typename(OBJECT(dev))); >>>> } >>>> + >>>> + if (l >= size) { >>>> + return l; >>>> + } >>>> } >>>> l += snprintf(p + l , size - l, "/"); >>>>
>>>
>>> If the return value is less than the size argument, it's the length of
>>> the string written into p[]. Else, it means p[] has insufficient
>>> space.
>>
>> Yes. (snprintf() returns the number of bytes it would store, excluding
>> the terminating NUL, had there been enough room.)
>>
>> Did I make a mistake?
>>
>> Supposing snprintf() encounters no error, it returns a positive value P
>> in the above.
>>
>>   P = snprintf(..., size - l0, ...)
>>   l1 = l0 + P;
>>
>>   l1 >= size
>>   <-> l0 + P >= size
>>   <-> P >= size - l0
>>
>>
>> The return value of qdev_get_fw_dev_path_helper() comes from another
>> invocation of itself, or from the trailing snprintf(), so it behaves
>> like snprintf.
>>
>> Or what do you have in mind?
>
> If I read your code correctly, qdev_get_fw_dev_path_helper() bails out
> after the first snprintf() that goes beyond the buffer size. When that
> happens before the job's done, the return value is less than the length
> of the full path.

Yes, but still greater than what would fit in the buffer. Is it a
problem?

... Oh, did you mean the first comment in connection with the second?
I.e. we should continue to format (just for length counting's sake) and
then retry? IOW the early return isn't problematic in itself, but it
doesn't support the reallocation?

Thanks,
Laszlo
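Review bot: the early `return l;` added after the recursive `qdev_get_fw_dev_path_helper()` call in the first hw/qdev.c hunk (@@ -502,6 +502,10 @@) changes what the return value means. Once `l >= size` the function stops before appending this device's own component, so the caller gets a value that signals truncation but not the length of the full path. Either document that contract in a comment above the function (`>= size` means "did not fit" and nothing more), or keep accumulating the length with the remaining size clamped to zero so that the result can size a retry buffer.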
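Review bot: in the second hw/qdev.c hunk (@@ -509,6 +513,10 @@), the new `if (l >= size)` test after `l += snprintf(p + l, size - l, "%s", ...)` catches truncation but not a negative return from snprintf(), which `l +=` folds into the running length unnoticed. Consider storing each result in a temporary and returning on `< 0` before adding it to `l`. The unchanged trailing `l += snprintf(p + l , size - l, "/");` depends on the checks above to keep `size - l` positive, and a one-line comment saying so would help the next reader.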
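The length-accounting question raised in this thread, as an added example that is not code from the patch, from QEMU, or from either participant: `format_path()` keeps counting after the buffer is full by clamping the remaining room to zero, while `format_path_early()` stops at the first truncation. All function names and the sample device-path components are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample components; the full path is 36 characters long. */
const char *const sample_parts[] = { "pci@i0cf8", "ethernet@3", "ethernet-phy@0" };

/* Append "/<s>" at offset len and return the new running length.
 * When len >= size the remaining room is clamped to 0, so snprintf()
 * only counts and never receives a negative size converted to size_t. */
int append_component(char *buf, int size, int len, const char *s)
{
    int room = len < size ? size - len : 0;
    int n = snprintf(room ? buf + len : NULL, (size_t)room, "/%s", s);
    return n < 0 ? n : len + n;
}

/* Keeps counting after truncation: returns the length of the full path. */
int format_path(char *buf, int size, const char *const *parts, int nparts)
{
    int len = 0;
    for (int i = 0; i < nparts && len >= 0; i++)
        len = append_component(buf, size, len, parts[i]);
    return len;
}

/* Early return at the first truncation: the result is >= size, but it can
 * be shorter than the full path, so it cannot size a retry buffer. */
int format_path_early(char *buf, int size, const char *const *parts, int nparts)
{
    int len = 0;
    for (int i = 0; i < nparts && len >= 0 && len < size; i++)
        len = append_component(buf, size, len, parts[i]);
    return len;
}

/* Measure with a zero-size buffer, then allocate exactly once. */
char *format_path_alloc(const char *const *parts, int nparts)
{
    int need = format_path(NULL, 0, parts, nparts);
    char *out = need < 0 ? NULL : malloc((size_t)need + 1);
    if (out && format_path(out, need + 1, parts, nparts) != need) { free(out); out = NULL; }
    return out;
}

int main(void)
{
    char small[16];
    printf("early=%d full=%d\n", format_path_early(small, 16, sample_parts, 3),
           format_path(small, 16, sample_parts, 3));
    return 0;
}
```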