From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:59332)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Qb4Rl-00086h-Re
	for qemu-devel@nongnu.org; Mon, 27 Jun 2011 01:33:22 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Qb4Rk-00012a-Cm
	for qemu-devel@nongnu.org; Mon, 27 Jun 2011 01:33:21 -0400
Received: from mail-yx0-f173.google.com ([209.85.213.173]:37746)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1Qb4Rk-00012N-0f
	for qemu-devel@nongnu.org; Mon, 27 Jun 2011 01:33:20 -0400
Received: by yxt3 with SMTP id 3so237353yxt.4
	for <qemu-devel@nongnu.org>; Sun, 26 Jun 2011 22:33:19 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <BANLkTikgc7yCnLx5Z-crJPxkAm13K8uvKQ@mail.gmail.com>
References: <1309146518-8998-1-git-send-email-famcool@gmail.com>
	<1309146518-8998-4-git-send-email-famcool@gmail.com>
	<BANLkTikcxqAHFCSDgySR7tsRiWm0ZcnGEw@mail.gmail.com>
	<BANLkTikgc7yCnLx5Z-crJPxkAm13K8uvKQ@mail.gmail.com>
Date: Mon, 27 Jun 2011 06:33:18 +0100
Message-ID: <BANLkTintWcnDXVG5ir+S8u9b3sA-HVkj5Q@mail.gmail.com>
From: Stefan Hajnoczi <stefanha@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH v3 03/12] VMDK: probe for monolithicFlat
	images
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Fam Zheng <famcool@gmail.com>
Cc: kwolf@redhat.com, qemu-devel@nongnu.org, hch@lst.de

On Mon, Jun 27, 2011 at 6:11 AM, Fam Zheng <famcool@gmail.com> wrote:
> On Mon, Jun 27, 2011 at 12:43 PM, Stefan Hajnoczi <stefanha@gmail.com> wr=
ote:
>> On Mon, Jun 27, 2011 at 4:48 AM, Fam Zheng <famcool@gmail.com> wrote:
>>> + =A0 =A0 =A0 =A0 =A0 =A0if (strncmp("version=3D1\n", p, strlen("versio=
n=3D1\n")) =3D=3D 0 ||
>>> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0strncmp("version=3D1\r\n", p, strlen("=
version=3D1\r\n")) =3D=3D 0 ||
>>> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0strncmp("version=3D2\n", p, strlen("ve=
rsion=3D2\n")) =3D=3D 0 ||
>>> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0strncmp("version=3D2\r\n", p, strlen("=
version=3D2\r\n")) =3D=3D 0) {
>>> + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return 100;
>>> + =A0 =A0 =A0 =A0 =A0 =A0}
>>
>> If p =3D=3D end - 1 then this will run off the end of the buffer. =A0You=
 need to use:
>>
>> strncmp("version=3D1\n", p, end - p);
>>
>
> Won't work if (p =3D=3D end -1 and *p =3D=3D 'v'), how about check if end=
 - p
> is big enough first?

Yes, good point.  Only compare if there is enough space for the matching st=
ring:

remaining =3D end - p;
if (remaining < strlen("version=3DX\n")) {
    continue;
}
if (strncmp("version=3D1\n", p, remaining) =3D=3D 0 ||
    strncmp("version=3D2\n", p, remaining) =3D=3D 0) {
    return 100;
}

if (remaining < strlen("version=3DX\r\n")) {
    continue;
}
if (strncmp("version=3D1\r\n", p, remaining) =3D=3D 0 ||
    strncmp("version=3D2\r\n", p, remaining) =3D=3D 0) {
    return 100;
}

Stefan