* dmesg: fix segfqult
@ 2011-07-18 16:45 Marc-Antoine Perennou
2011-07-18 17:12 ` Voelker, Bernhard
2011-07-18 18:11 ` Mike Frysinger
0 siblings, 2 replies; 5+ messages in thread
From: Marc-Antoine Perennou @ 2011-07-18 16:45 UTC (permalink / raw)
To: util-linux
An element declared as size_t cannot be detected as negative (len < 0
is always false).
This can lead to an infinite loop causing a segmentation fault.
Use an int to solve this issue
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
---
sys-utils/dmesg.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/sys-utils/dmesg.c b/sys-utils/dmesg.c
index 867581d..91855a1 100644
--- a/sys-utils/dmesg.c
+++ b/sys-utils/dmesg.c
@@ -362,7 +362,7 @@ static void safe_fwrite(const char *buf, size_t
size, FILE *out)
#ifdef HAVE_WIDECHAR
wchar_t wc;
- size_t len = mbrtowc(&wc, p, size - i, &s);
+ int len = mbrtowc(&wc, p, size - i, &s);
if (len == 0) /* L'\0' */
return;
--
1.7.6.134.gcf13f6.dirty
^ permalink raw reply related [flat|nested] 5+ messages in thread
* RE: dmesg: fix segfqult
2011-07-18 16:45 dmesg: fix segfqult Marc-Antoine Perennou
@ 2011-07-18 17:12 ` Voelker, Bernhard
2011-07-18 18:11 ` Mike Frysinger
1 sibling, 0 replies; 5+ messages in thread
From: Voelker, Bernhard @ 2011-07-18 17:12 UTC (permalink / raw)
To: Marc-Antoine Perennou, util-linux
Marc-Antoine Perennou wrote:
> An element declared as size_t cannot be detected as negative (len < 0
> is always false).
> This can lead to an infinite loop causing a segmentation fault.
> Use an int to solve this issue
>
> Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
> ---
> sys-utils/dmesg.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/sys-utils/dmesg.c b/sys-utils/dmesg.c
> index 867581d..91855a1 100644
> --- a/sys-utils/dmesg.c
> +++ b/sys-utils/dmesg.c
> @@ -362,7 +362,7 @@ static void safe_fwrite(const char *buf, size_t
> size, FILE *out)
>
> #ifdef HAVE_WIDECHAR
> wchar_t wc;
> - size_t len = mbrtowc(&wc, p, size - i, &s);
> + int len = mbrtowc(&wc, p, size - i, &s);
>
> if (len == 0) /* L'\0' */
> return;
> --
> 1.7.6.134.gcf13f6.dirty
> --
Interestingly, there are other projects which fell into the same trap:
* mc: https://bugzilla.redhat.com/show_bug.cgi?id=150569
Have a nice day,
Berny
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dmesg: fix segfqult
2011-07-18 16:45 dmesg: fix segfqult Marc-Antoine Perennou
2011-07-18 17:12 ` Voelker, Bernhard
@ 2011-07-18 18:11 ` Mike Frysinger
2011-07-18 18:12 ` Mike Frysinger
1 sibling, 1 reply; 5+ messages in thread
From: Mike Frysinger @ 2011-07-18 18:11 UTC (permalink / raw)
To: Marc-Antoine Perennou; +Cc: util-linux
On Mon, Jul 18, 2011 at 12:45, Marc-Antoine Perennou wrote:
> - size_t len = mbrtowc(&wc, p, size - i, &s);
> + int len = mbrtowc(&wc, p, size - i, &s);
this is wrong for systems where sizeof(size_t) != sizeof(int). i
think you want to fix the code like the man page indicates ... do "if
(len < (size_t)-1) ....."
-mike
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dmesg: fix segfqult
2011-07-18 18:11 ` Mike Frysinger
@ 2011-07-18 18:12 ` Mike Frysinger
2011-07-18 18:12 ` Mike Frysinger
0 siblings, 1 reply; 5+ messages in thread
From: Mike Frysinger @ 2011-07-18 18:12 UTC (permalink / raw)
To: Marc-Antoine Perennou; +Cc: util-linux
On Mon, Jul 18, 2011 at 14:11, Mike Frysinger wrote:
> On Mon, Jul 18, 2011 at 12:45, Marc-Antoine Perennou wrote:
>> - size_t len = mbrtowc(&wc, p, size - i, &s);
>> + int len = mbrtowc(&wc, p, size - i, &s);
>
> this is wrong for systems where sizeof(size_t) != sizeof(int). i
> think you want to fix the code like the man page indicates ... do "if
> (len < (size_t)-1) ....."
err, something like "if (len == (size_t)-1) { /* handle error */ }"
-mike
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dmesg: fix segfqult
2011-07-18 18:12 ` Mike Frysinger
@ 2011-07-18 18:12 ` Mike Frysinger
0 siblings, 0 replies; 5+ messages in thread
From: Mike Frysinger @ 2011-07-18 18:12 UTC (permalink / raw)
To: Marc-Antoine Perennou; +Cc: util-linux
and you can ignore me as i simply didnt finish going through my inbox
and you've already posted a v2 doing it right ;x
-mike
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-07-18 18:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-18 16:45 dmesg: fix segfqult Marc-Antoine Perennou
2011-07-18 17:12 ` Voelker, Bernhard
2011-07-18 18:11 ` Mike Frysinger
2011-07-18 18:12 ` Mike Frysinger
2011-07-18 18:12 ` Mike Frysinger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.