* very odd check in caif_seqpkt_sendmsg()
@ 2014-11-20 8:54 Al Viro
From: Al Viro @ 2014-11-20 8:54 UTC (permalink / raw)
To: Dmitry Tarnyagin; +Cc: netdev
This check is very odd:
	if (unlikely(msg->msg_iov->iov_base == NULL))
		goto err;
What happens if we call it with msg_iovlen being 0? verify_iovec()
(or rw_copy_check_uvector(), for that matter) is just fine with that -
sendmsg() purely for msg_control is normal on e.g. AF_UNIX sockets.
And we end with ->msg_iov pointing to iovstack[], with iovstack[0] being
uninitialized. So at the very least your check is going to yield random
results in that case.
What is it supposed to check for? Note that memcpy_fromiovec() won't blow
up on NULL ->iov_base - with zero len it won't even look there and with
non-zero it'll fail with -EFAULT.
Was that intended to be if (unlikely(!len)) fail with EINVAL? Something
entirely different?
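
An added example, not part of the message above and not kernel code: a userspace model of the zero-msg_iovlen case it describes, comparing the quoted check with a length-based one. The names model_msghdr, check_as_quoted, check_by_length and zero_iov_result are hypothetical, the -EINVAL follows the question asked in the message, and the explicit memset() fill stands in for whatever bytes happen to be left in iovstack[].

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>                 /* struct iovec */

/* Constructed stand-in for the two msghdr fields the message talks about. */
struct model_msghdr {
    struct iovec *msg_iov;
    size_t        msg_iovlen;
};

/* The quoted check: looks at msg_iov[0] without consulting msg_iovlen.
 * Returns 1 where the original would "goto err", 0 otherwise. */
static int check_as_quoted(const struct model_msghdr *msg)
{
    return msg->msg_iov->iov_base == NULL;
}

/* Hypothetical length-based variant: only reads entries below msg_iovlen. */
static int check_by_length(const struct model_msghdr *msg)
{
    size_t len = 0;
    for (size_t i = 0; i < msg->msg_iovlen; i++)
        len += msg->msg_iov[i].iov_len;
    return len ? 0 : -EINVAL;
}

/* Build a zero-segment message over an on-stack array pre-filled with
 * `stale` (explicit fill models leftover stack bytes), then run one check. */
int zero_iov_result(unsigned char stale, int use_length_check)
{
    struct iovec iovstack[8];
    memset(iovstack, stale, sizeof(iovstack));
    struct model_msghdr msg = { .msg_iov = iovstack, .msg_iovlen = 0 };
    return use_length_check ? check_by_length(&msg) : check_as_quoted(&msg);
}

int main(void)
{
    printf("quoted check, stale=0x00: %d\n", zero_iov_result(0x00, 0));
    printf("quoted check, stale=0xAA: %d\n", zero_iov_result(0xAA, 0));
    printf("length check, stale=0x00: %d\n", zero_iov_result(0x00, 1));
    printf("length check, stale=0xAA: %d\n", zero_iov_result(0xAA, 1));
    return 0;
}
```

With the same zero-segment message, the quoted check's verdict follows the fill byte, while the length-based check gives the same answer for both fills.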