[PATCH] makedumpfile: Fix string append in dump_log_entry()

Petr Tesarik ptesarik at suse.cz
Tue Mar 4 09:18:14 EST 2014


On Fri, 28 Feb 2014 01:01:33 +0000
Atsushi Kumagai <kumagai-atsushi at mxc.nes.nec.co.jp> wrote:

> Hello Petr,

Hello Kumagai-san,

> >To quote the sprintf(3) man page:
> >
> >    Some programs imprudently rely on code such as the following
> >
> >        sprintf(buf, "%s some further text", buf);
> >
> >    to append text to buf.  However, the standards explicitly note that
> >    the results are undefined if source and destination buffers overlap
> >    when calling sprintf(), snprintf(), vsprintf(), and vsnprintf().
> >    Depending on the version of gcc(1) used, and the compiler options
> >    employed, calls such as the above will not produce the expected results.
> >
> >The original code is actually miscompiled on openSUSE 13.1.
> >
> >It's also overkill to call sprintf() for something that can be done
> >with a simple assignment.
> >
> >Signed-off-by: Petr Tesarik <ptesarik at suse.cz>
> 
> Thanks, it seems good to me.
> 
> Actually, Nick sent the same patch in last July and we tried to
> take care of buffer overflow at the same time as below:
> 
> http://lists.infradead.org/pipermail/kexec/2013-August/009430.html
> 
> However, this thread has been left open, so I was wondering if you
> could take over this work. Of course you can decline this, then I'll
> do it later as another patch.

I don't mind taking over this work, but I don't think it's a good thing
to combine the buffer overflow fix with the sprintf buffer overlap
fix.

What is the expected plan? Are you waiting for me to send a two-patch
series now?

Petr Tesarik
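The two fixes discussed above, as an added example that is not makedumpfile's own code: a bounded append that never passes buf to itself (replacing the overlapping sprintf(buf, "%s...", buf) idiom), the plain-assignment path for a single character, and a hypothetical build_log_line() standing in for dump_log_entry().

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded append that never hands buf to itself: formats fmt at the current
 * end of buf. Returns the new length, or -1 if the text did not fit, in which
 * case buf is left exactly as it was (no overlap, no overflow). */
int append_bounded(char *buf, size_t bufsize, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', bufsize);
    size_t len;
    va_list ap;
    int n;

    if (end == NULL)              /* no terminator inside buf: refuse */
        return -1;
    len = (size_t)(end - buf);
    va_start(ap, fmt);
    n = vsnprintf(buf + len, bufsize - len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= bufsize - len) {
        buf[len] = '\0';          /* roll back the truncated write */
        return -1;
    }
    return (int)(len + n);
}

/* Appending one character needs no sprintf at all: a plain assignment with
 * a bounds check is enough, as the commit message says. */
int append_char_bounded(char *buf, size_t bufsize, char c)
{
    const char *end = memchr(buf, '\0', bufsize);
    size_t len;

    if (end == NULL)
        return -1;
    len = (size_t)(end - buf);
    if (len + 1 >= bufsize)       /* room for c and the terminator */
        return -1;
    buf[len] = c;
    buf[len + 1] = '\0';
    return (int)(len + 1);
}

/* Builds "<prefix>: <message>\n" in a fixed buffer. Hypothetical helper,
 * not makedumpfile's dump_log_entry(). */
int build_log_line(char *buf, size_t bufsize, const char *prefix, const char *msg)
{
    buf[0] = '\0';
    if (append_bounded(buf, bufsize, "%s", prefix) < 0 ||
        append_bounded(buf, bufsize, ": %s", msg) < 0)
        return -1;
    return append_char_bounded(buf, bufsize, '\n');
}
```

A message that does not fit is rejected with -1 and the buffer keeps its previous contents, instead of overflowing.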
