[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v3] storage: Sanitize pool target paths



On 05/24/2010 04:55 PM, Eric Blake wrote:
> Phooey.  Need a v4; this can fault.  If you have "///" ending on a page
> boundary, then...
> 
> 
>> +            bool slash_before = (offset != 0 && cur[-1] == '/');
>> +
>> +            /* Skip all extra / */
>> +            if (*cur == '/') {
>> +                cur++;
>> +                continue;
>> +            }
> 
> ...this advances cur to the '\0', and the next iteration of the nested
> do-while accesses past the trailing NUL when computing slash_follow.

I spoke too soon.  I keep forgetting that with a do-while, the continue
still checks the loop condition, rather than blindly jumping to the loop
start.

I'm re-reading the patch in that context, and you may be clean with v3
after all.  Sorry for the poor review...

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]