* dmesg: fix segfault
@ 2011-07-18 16:45 Marc-Antoine Perennou
  2011-07-18 17:12 ` Voelker, Bernhard
  2011-07-18 18:11 ` Mike Frysinger
  0 siblings, 2 replies; 5+ messages in thread
From: Marc-Antoine Perennou @ 2011-07-18 16:45 UTC (permalink / raw)
  To: util-linux

An element declared as size_t cannot be detected as negative (len < 0
is always false).
This can lead to an infinite loop causing a segmentation fault.
Use an int to solve this issue

Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
---
 sys-utils/dmesg.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/sys-utils/dmesg.c b/sys-utils/dmesg.c
index 867581d..91855a1 100644
--- a/sys-utils/dmesg.c
+++ b/sys-utils/dmesg.c
@@ -362,7 +362,7 @@ static void safe_fwrite(const char *buf, size_t
size, FILE *out)

 #ifdef HAVE_WIDECHAR
 		wchar_t wc;
-		size_t len = mbrtowc(&wc, p, size - i, &s);
+		int len = mbrtowc(&wc, p, size - i, &s);

 		if (len == 0)				/* L'\0' */
 			return;
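Review bot: At `int len = mbrtowc(&wc, p, size - i, &s);`, storing the size_t return value in an int depends on implementation-defined narrowing to turn the error returns (size_t)-1 and (size_t)-2 into negative numbers, and it truncates wherever size_t is wider than int. Keep `size_t len` and test the sentinels directly, for example `if (len == (size_t)-1 || len == (size_t)-2)`, which also keeps `len` in the same unsigned type as `size - i`.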
-- 
1.7.6.134.gcf13f6.dirty


* RE: dmesg: fix segfault
  2011-07-18 16:45 dmesg: fix segfault Marc-Antoine Perennou
@ 2011-07-18 17:12 ` Voelker, Bernhard
  2011-07-18 18:11 ` Mike Frysinger
  1 sibling, 0 replies; 5+ messages in thread
From: Voelker, Bernhard @ 2011-07-18 17:12 UTC (permalink / raw)
  To: Marc-Antoine Perennou, util-linux

Marc-Antoine Perennou wrote:

> An element declared as size_t cannot be detected as negative (len < 0
> is always false).
> This can lead to an infinite loop causing a segmentation fault.
> Use an int to solve this issue
> 
> Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
> ---
>  sys-utils/dmesg.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/sys-utils/dmesg.c b/sys-utils/dmesg.c
> index 867581d..91855a1 100644
> --- a/sys-utils/dmesg.c
> +++ b/sys-utils/dmesg.c
> @@ -362,7 +362,7 @@ static void safe_fwrite(const char *buf, size_t
> size, FILE *out)
> 
>  #ifdef HAVE_WIDECHAR
>  		wchar_t wc;
> -		size_t len = mbrtowc(&wc, p, size - i, &s);
> +		int len = mbrtowc(&wc, p, size - i, &s);
> 
>  		if (len == 0)				/* L'\0' */
>  			return;
> -- 
> 1.7.6.134.gcf13f6.dirty
> --

Interestingly, there are other projects which fell into the same trap:
* mc: https://bugzilla.redhat.com/show_bug.cgi?id=150569 

Have a nice day,
Berny


* Re: dmesg: fix segfault
  2011-07-18 16:45 dmesg: fix segfault Marc-Antoine Perennou
  2011-07-18 17:12 ` Voelker, Bernhard
@ 2011-07-18 18:11 ` Mike Frysinger
  2011-07-18 18:12   ` Mike Frysinger
  1 sibling, 1 reply; 5+ messages in thread
From: Mike Frysinger @ 2011-07-18 18:11 UTC (permalink / raw)
  To: Marc-Antoine Perennou; +Cc: util-linux

On Mon, Jul 18, 2011 at 12:45, Marc-Antoine Perennou wrote:
> -               size_t len = mbrtowc(&wc, p, size - i, &s);
> +               int len = mbrtowc(&wc, p, size - i, &s);

this is wrong for systems where sizeof(size_t) != sizeof(int).  i
think you want to fix the code like the man page indicates ... do "if
(len < (size_t)-1) ....."
-mike


* Re: dmesg: fix segfault
  2011-07-18 18:11 ` Mike Frysinger
@ 2011-07-18 18:12   ` Mike Frysinger
  2011-07-18 18:12     ` Mike Frysinger
  0 siblings, 1 reply; 5+ messages in thread
From: Mike Frysinger @ 2011-07-18 18:12 UTC (permalink / raw)
  To: Marc-Antoine Perennou; +Cc: util-linux

On Mon, Jul 18, 2011 at 14:11, Mike Frysinger wrote:
> On Mon, Jul 18, 2011 at 12:45, Marc-Antoine Perennou wrote:
>> -               size_t len = mbrtowc(&wc, p, size - i, &s);
>> +               int len = mbrtowc(&wc, p, size - i, &s);
>
> this is wrong for systems where sizeof(size_t) != sizeof(int).  i
> think you want to fix the code like the man page indicates ... do "if
> (len < (size_t)-1) ....."

err, something like "if (len == (size_t)-1) { /* handle error */ }"
-mike
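
The comparison against (size_t)-1 suggested above, carried through a whole buffer walk, as an added example that is not part of the thread or of util-linux. The names mb_classify, mb_scan and mb_scan_buf are hypothetical, and it assumes the loop should skip one byte on an invalid or incomplete sequence:

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical names for this example; not taken from util-linux. */
enum mb_status { MB_NUL, MB_CHAR, MB_INVALID, MB_INCOMPLETE };

/* Classify an mbrtowc() return value without leaving size_t. */
static enum mb_status mb_classify(size_t ret)
{
	if (ret == (size_t)-1)
		return MB_INVALID;	/* EILSEQ: invalid sequence */
	if (ret == (size_t)-2)
		return MB_INCOMPLETE;	/* sequence cut off by the n limit */
	return ret == 0 ? MB_NUL : MB_CHAR;
}

struct mb_scan { size_t chars; size_t bad_bytes; size_t consumed; };

/* Walk buf as a sanitising writer would. Every iteration either stops
 * or advances by at least one byte, so the loop ends on any input. */
static struct mb_scan mb_scan_buf(const char *buf, size_t size)
{
	struct mb_scan r = { 0, 0, 0 };
	mbstate_t s;
	size_t i = 0;
	memset(&s, 0, sizeof(s));
	while (i < size) {
		wchar_t wc;
		size_t len = mbrtowc(&wc, buf + i, size - i, &s);
		switch (mb_classify(len)) {
		case MB_NUL:			/* L'\0' ends the text */
			r.consumed = i;
			return r;
		case MB_CHAR:
			r.chars++;
			i += len;
			break;
		default:			/* invalid or incomplete */
			memset(&s, 0, sizeof(s));	/* state undefined after -1 */
			r.bad_bytes++;
			i++;
			break;
		}
	}
	r.consumed = i;
	return r;
}
```
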


* Re: dmesg: fix segfault
  2011-07-18 18:12   ` Mike Frysinger
@ 2011-07-18 18:12     ` Mike Frysinger
  0 siblings, 0 replies; 5+ messages in thread
From: Mike Frysinger @ 2011-07-18 18:12 UTC (permalink / raw)
  To: Marc-Antoine Perennou; +Cc: util-linux

and you can ignore me as i simply didn't finish going through my inbox
and you've already posted a v2 doing it right ;x
-mike
