Re: [PATCH] reiserfs: check/extend buffer length for printing functions

From: Chen Gang <gang.chen@asianux.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: George Spelvin <linux@horizon.com>,
	reiserfs-devel@vger.kernel.org,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] reiserfs: check/extend buffer length for printing functions
Date: Thu, 18 Jul 2013 15:54:12 +0800	[thread overview]
Message-ID: <51E79F24.2050504@asianux.com> (raw)
In-Reply-To: <20130718074316.GY4165@ZenIV.linux.org.uk>

On 07/18/2013 03:43 PM, Al Viro wrote:
> On Thu, Jul 18, 2013 at 03:29:17PM +0800, Chen Gang wrote:
>> > On 07/18/2013 12:28 PM, Chen Gang wrote:
>>> > >  
>>>> > >>  	strcpy(fmt1, fmt);
>>>> > >> @@ -199,46 +214,51 @@ static void prepare_error_buf(const char *fmt, va_list args)
>>>> > >>  	while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) {
>>>> > >>  		*k = 0;
>>>> > >>  
>>>> > >> -		p += vsprintf(p, fmt1, args);
>>>> > >> +		p += vsnprintf(p, left, fmt1, args);
>> > 
>> > At least, need use vscnprintf() instead of vsnprintf(), since we need
>> > the real written length return.
> 		n = vsnprintf(p, left, ....);
> 		left -= n;
> 		if (left <= 0) /* overflow */
> 			break;	/* or whatever's suitable here */
> 		p += n;
> 
> 

Yeah, it is really a better fix. :-)


And now I am just testing, and find another issue about it, I am just
analyzing it it.

For next-20130717, let reiserfs build-in, when "mount /dev/sda11
/mnt/sda11" (assume sda11 is reiserfs filesystem).

I modify the code like this (just only use vsnprintf instead of vsprintf):

--------------------------diff begin------------------------------

diff --git a/fs/reiserfs/prints.c b/fs/reiserfs/prints.c
index c0b1112..3a38a62 100644
--- a/fs/reiserfs/prints.c
+++ b/fs/reiserfs/prints.c
@@ -10,7 +10,7 @@
 
 #include <stdarg.h>
 
-static char error_buf[1024];
+static char error_buf[13];
 static char fmt_buf[1024];
 static char off_buf[80];
 
@@ -195,7 +195,7 @@ static void prepare_error_buf(const char *fmt, va_list args)
 	spin_lock(&error_lock);
 
 	strcpy(fmt1, fmt);
-
+#if 0
 	while ((k = is_there_reiserfs_struct(fmt1, &what)) != NULL) {
 		*k = 0;
 
@@ -238,7 +238,8 @@ static void prepare_error_buf(const char *fmt, va_list args)
 		p += strlen(p);
 		fmt1 = k + 2;
 	}
-	vsprintf(p, fmt1, args);
+#endif
+	vsnprintf(p, 13, fmt1, args);
 	spin_unlock(&error_lock);
 
 }

--------------------------diff end--------------------------------


The output has '<7>':

[root@dhcp122 ~]# dmesg
[   38.797073] REISERFS (device sda11): found reiser
[   38.797089] REISERFS warning (device sda11):  reiserfs_fill_super: CONFIG_REISE
[   38.797095] REISERFS warning (device sda11):  reiserfs_fill_super: - it is slow
[   38.797098] REISERFS (device sda11): using orderereiserfs: using flush barriers
[   38.800507] REISERFS (device sda11): journal para
[   38.801158] REISERFS (device sda11): checking tra<7>[   38.801165] REISERFS debug (device sda11): journal-1153
[   38.801405] REISERFS debug (device sda11): journal-1206
[   38.801410] REISERFS debug (device sda11): journal-1299
[   38.817621] REISERFS (device sda11): Using r5 has
[   38.817906] SELinux: initialized (dev sda11, type reiserfs), uses genfs_contexts



Welcome any suggestions or completions.

Thanks.
-- 
Chen Gang
