From patchwork Wed Sep 19 19:35:35 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Bruno_Pr=C3=A9mont?= X-Patchwork-Id: 1480261 X-Patchwork-Delegate: jikos@jikos.cz Return-Path: X-Original-To: patchwork-linux-input@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork1.kernel.org (Postfix) with ESMTP id D78FF3FE79 for ; Wed, 19 Sep 2012 19:36:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751105Ab2ISTgc (ORCPT ); Wed, 19 Sep 2012 15:36:32 -0400 Received: from smtprelay.restena.lu ([158.64.1.62]:58008 "EHLO smtprelay.restena.lu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750851Ab2ISTgb convert rfc822-to-8bit (ORCPT ); Wed, 19 Sep 2012 15:36:31 -0400 Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id A1E1310584; Wed, 19 Sep 2012 21:36:29 +0200 (CEST) Received: from neptune.home (unknown [IPv6:2001:a18:1:1402:2c0:9fff:fe2d:39d]) by smtprelay.restena.lu (Postfix) with ESMTP id 48B411057F; Wed, 19 Sep 2012 21:36:29 +0200 (CEST) Date: Wed, 19 Sep 2012 21:35:35 +0200 From: Bruno =?UTF-8?B?UHLDqW1vbnQ=?= To: Dan Carpenter Cc: Jiri Kosina , linux-input@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [patch] HID: picoLCD: off by one in dump_buff_as_hex() Message-ID: <20120919213535.34712fb5@neptune.home> In-Reply-To: <20120917225437.6f2847ee@neptune.home> References: <20120914110414.GA1152@elgon.mountain> <20120917225437.6f2847ee@neptune.home> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.10; i686-pc-linux-gnu) Mime-Version: 1.0 X-Virus-Scanned: ClamAV Sender: linux-input-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-input@vger.kernel.org Dan, What's your opinion on below alternative patch? In addition to yours it makes would-overflow visible. It does not check for output buffer having non-zero size but as callers are local with #defined buffer size I don't think that would be needed. Author: Bruno Prémont Date: Wed Sep 19 21:18:10 2012 +0200 Subject: HID: picoLCD: bounds check in dump_buff_as_hex() Make sure we keep enough space for terminating NUL character after last newline. If we have too much data, replace last byte with '.'s to make overflow visible. Using hex_dump_to_buffer() is not interesting as it adds more overhead and does not append the trailing linefeed. Reported-by: Dan Carpenter Signed-off-by: Bruno Prémont --- drivers/hid/hid-picolcd_debugfs.c | 14 ++++++++------ 1 files changed, 8 insertions(+), 6 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/hid/hid-picolcd_debugfs.c b/drivers/hid/hid-picolcd_debugfs.c index 868853a..c5c2fd9 100644 --- a/drivers/hid/hid-picolcd_debugfs.c +++ b/drivers/hid/hid-picolcd_debugfs.c @@ -381,16 +381,16 @@ static void dump_buff_as_hex(char *dst, size_t dst_sz, const u8 *data, const size_t data_len) { int i, j; - for (i = j = 0; i < data_len && j + 3 < dst_sz; i++) { + for (i = j = 0; i < data_len && j + 4 < dst_sz; i++) { dst[j++] = hex_asc[(data[i] >> 4) & 0x0f]; dst[j++] = hex_asc[data[i] & 0x0f]; dst[j++] = ' '; } - if (j < dst_sz) { - dst[j--] = '\0'; - dst[j] = '\n'; - } else - dst[j] = '\0'; + dst[j] = '\0'; + if (j > 0) + dst[j-1] = '\n'; + if (i < data_len && j > 2) + dst[j-2] = dst[j-3] = '.'; } void picolcd_debug_out_report(struct picolcd_data *data,