[PATCH] ubifs: replace simple_strtoul() with kstrtoul()
Geert Uytterhoeven
geert at linux-m68k.org
Mon May 19 23:53:48 PDT 2014
Hi Zhang,
On Mon, May 19, 2014 at 11:49 AM, Zhang Zhen <zhenzhang.zhang at huawei.com> wrote:
> On 2014/5/19 17:13, Geert Uytterhoeven wrote:
>> Please don't add mindless casts!
>>
>> On Mon, May 19, 2014 at 5:26 AM, Zhang Zhen <zhenzhang.zhang at huawei.com> wrote:
>>> --- a/fs/ubifs/super.c
>>> +++ b/fs/ubifs/super.c
>>> @@ -1905,6 +1905,7 @@ static struct ubi_volume_desc *open_ubi(const char *name, int mode)
>>> struct ubi_volume_desc *ubi;
>>> int dev, vol;
>>
>> dev is int
>>
>>> char *endptr;
>>> + int ret;
>>>
>>> /* First, try to open using the device node path method */
>>> ubi = ubi_open_volume_path(name, mode);
>>> @@ -1922,7 +1923,10 @@ static struct ubi_volume_desc *open_ubi(const char *name, int mode)
>>> if (!isdigit(name[3]))
>>> return ERR_PTR(-EINVAL);
>>>
>>> - dev = simple_strtoul(name + 3, &endptr, 0);
>>> + endptr = (char *)name + 3;
>>> + ret = kstrtoul(endptr, 0, (unsigned long *)&dev);
>>
>> On 64-bit, long is 64-bit, hence this will write beyond dev and will corrupt
>> the stack.
>>
> Yeah, you are right. This really may write beyond dev.
>
> The kstrtoul(const char *s, unsigned int base, unsigned long *res) only accept unsigned long
> pointer as the third parameter.
> And the original function simple_strtoul() returns unsigned long type value.
> It is also cast. So this may not corrupt the stack.
That's not a cast, but an implicit conversion (which may truncate the
value from 64-bit to 32-bit).
> Or do you have any better suggestion about this?
Change dev and vol to long?
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
More information about the linux-mtd
mailing list