From: Chen Gang
Date: Tue, 04 Mar 2014 08:38:20 +0800
Subject: Re: [Qemu-devel] [PATCH 2/3] hw/9pfs/virtio-9p-local.c: use snprintf() instead of sprintf()
To: Markus Armbruster
Cc: "Aneesh Kumar K.V", aliguori@amazon.com, QEMU Developers

On 03/03/2014 10:42 PM, Markus Armbruster wrote:
> Chen Gang writes:
>
>> On 03/03/2014 04:34 PM, Markus Armbruster wrote:
>>> Turns a buffer overrun bug into a truncation bug.  The next commit fixes
>>> truncation bugs including this one.  Would be nice to spell this out in
>>> the commit message.  Perhaps Aneesh can do it on commit.
>>> [...]
>>
>> Please help do it on commit.
> [...]
> If you respin your series anyway, simply improve your commit message.
> Something like this would do:
>
>     hw/9pfs: Fix buffer overrun in local_remove(), local_unlinkat()
>
>     When 'ctx->fs_root' + 'path'/'fullname.data' is larger than
>     PATH_MAX, we are overrunning a buffer, smashing the stack.
>
>     Fix by switching from sprintf() to snprintf().  Turns the buffer
>     overrun bugs into truncation bugs.  The next commit will fix them
>     along with similar truncation bugs elsewhere in 9pfs.
>

OK, thank you for your detailed information.

And I guess, at present, I need not send patch v2 for this series
(Aneesh has helped do that for them).

Thanks.
-- 
Chen Gang

Open, share, and attitude like air, water, and life which God blessed
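
Added example (not part of the original message, and not QEMU code): the truncation bug that an unchecked snprintf() leaves behind, next to a call that checks the return value and rejects over-long paths. DEMO_PATH_MAX, join_truncating(), join_checked() and the sample paths are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed small limit standing in for PATH_MAX so truncation is easy to see. */
#define DEMO_PATH_MAX 25

/*
 * Unchecked snprintf(): no stack overrun, but an over-long result is silently
 * cut to fit the buffer. Returns the length actually stored in buf.
 */
static size_t join_truncating(char *buf, size_t size,
                              const char *root, const char *path)
{
    snprintf(buf, size, "%s/%s", root, path);
    return strlen(buf);
}

/*
 * Checked snprintf(): the return value is the length the full string needs,
 * so ret >= size means the output was truncated. Returns 0 on success,
 * -1 with errno set to ENAMETOOLONG otherwise.
 */
static int join_checked(char *buf, size_t size,
                        const char *root, const char *path)
{
    int ret = snprintf(buf, size, "%s/%s", root, path);

    if (ret < 0 || (size_t)ret >= size) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[DEMO_PATH_MAX];
    const char *root = "/srv/export";      /* constructed sample values */
    const char *path = "logs/app.log.old";

    join_truncating(buf, sizeof(buf), root, path);
    printf("unchecked: %s\n", buf);        /* path now names a different file */

    if (join_checked(buf, sizeof(buf), root, path) < 0)
        printf("checked:   rejected (%s)\n", strerror(errno));
    return 0;
}
```

With the unchecked call, a remove or unlink on the resulting path would act on `app.log` rather than `app.log.old`, which is why truncation still counts as a bug after the overrun is gone.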