Hi Keir,
Below is an alternative patch that perhaps more clearly illustrates
the problem with this memmem() replacement. This segfault occurs when
parsing the nm output on ia64. Thanks,
Alex
On Fri, 2007-01-05 at 15:03 -0700, Alex Williamson wrote:
> On Thu, 2007-01-04 at 10:18 +0000, Xen staging patchbot-unstable wrote:
> > # HG changeset patch
> > # User kfraser@xxxxxxxxxxxxxxxxxxxxx
> > # Date 1167905854 0
> > # Node ID bdbfbfdfbd64ddedc775d55f1a9e842847fea7b2
> > # Parent 60f91c9f1a248491e2f216d009a27a4c7e5e67d4
> > [XEN] Avoid use of GNU-specific memmem().
>
> > --- a/xen/tools/symbols.c Wed Jan 03 23:53:27 2007 +0000
> > +++ b/xen/tools/symbols.c Thu Jan 04 10:17:34 2007 +0000
> > @@ -350,6 +350,14 @@ static void build_initial_tok_table(void
> > table_cnt = pos;
> > }
> >
> > +static void *memmem_pvt(void *h, size_t hlen, void *n, size_t nlen)
> > +{
> > + char *p;
> > + for (p = h; (p - (char *)h) <= (hlen - nlen); p++)
> > + if (!memcmp(p, n, nlen)) return p;
> > + return NULL;
> > +}
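Review bot: in the `for` condition, `hlen - nlen` is computed in `size_t`, so a needle longer than the haystack wraps the bound to a very large value and the loop keeps calling `memcmp` past the end of `h`. Return early before the loop with `if (nlen > hlen) return NULL;` instead of relying on the subtraction. Since the function only reads both buffers, `h` and `n` could also be `const void *`.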
>
> size_t is unsigned, (hlen - nlen) can wrap and cause a segfault. The
> patch below fixes it. Thanks,
>
> Alex
>
> Signed-off-by: Alex Williamson <alex.williamson@xxxxxx>
> ---
>
> diff -r a8930b548048 xen/tools/symbols.c
> --- a/xen/tools/symbols.c Fri Jan 05 14:36:55 2007 -0700
> +++ b/xen/tools/symbols.c Fri Jan 05 14:58:21 2007 -0700
> @@ -353,7 +353,7 @@ static void *memmem_pvt(void *h, size_t
> static void *memmem_pvt(void *h, size_t hlen, void *n, size_t nlen)
> {
> char *p;
> - for (p = h; (p - (char *)h) <= (hlen - nlen); p++)
> + for (p = h; (p - (char *)h) <= (long)(hlen - nlen); p++)
> if (!memcmp(p, n, nlen)) return p;
> return NULL;
> }
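Review bot: the `(long)` cast on the `+` line only masks the wrap: the subtraction still happens in `size_t`, and converting the out-of-range result to a negative `long` is implementation-defined and assumes `long` is as wide as `size_t`. Test the lengths directly before the loop, `if (nlen > hlen) return NULL;`, and leave the bound unsigned.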
Signed-off-by: Alex Williamson <alex.williamson@xxxxxx>
---
diff -r a8930b548048 xen/tools/symbols.c
--- a/xen/tools/symbols.c Fri Jan 05 14:36:55 2007 -0700
+++ b/xen/tools/symbols.c Mon Jan 08 07:01:09 2007 -0700
@@ -353,6 +353,8 @@ static void *memmem_pvt(void *h, size_t
static void *memmem_pvt(void *h, size_t hlen, void *n, size_t nlen)
{
char *p;
+ if (nlen > hlen)
+ return NULL;
for (p = h; (p - (char *)h) <= (hlen - nlen); p++)
if (!memcmp(p, n, nlen)) return p;
return NULL;
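Review bot: with the `nlen > hlen` guard the bound can no longer wrap, but the unchanged `for` line still compares the signed `p - (char *)h` against the unsigned `hlen - nlen`, which `-Wsign-compare` will flag. Consider a `size_t` index instead, e.g. `for (i = 0; i <= hlen - nlen; i++)` with `memcmp((char *)h + i, n, nlen)`. A one-line comment on the guard saying why it is needed would help the next reader.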
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel