WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] question about Xen source code (bugreport?)

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] question about Xen source code (bugreport?)
From: George Shuklin <george.shuklin@xxxxxxxxx>
Date: Thu, 23 Sep 2010 21:39:18 +0400
Delivery-date: Thu, 23 Sep 2010 10:40:38 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:content-type :date:message-id:mime-version:x-mailer:content-transfer-encoding; bh=rTRSmlOsiHhHlur6RdssjUUO1KKr8uoZTxzcrEYas5g=; b=a3Fiphg9HXyYYWxsSez9lMbfOLXF5dyqLxRrwkyHg7TolKCPV+nvW1CJ/rgLzWy39W TTxRww4rHInP/5etRS77d1k0Pqi8ZDGPmIrpxjZV2S9oqFR3MFDkqIlZDbTYIRgFem03 eYWO/Uj6FdPum6N/GMWGaJZRpGU5aC8mgideo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:content-type:date:message-id:mime-version:x-mailer :content-transfer-encoding; b=tNLMT2mwSN3SVH0zHjECOqIFVU/6zPEF+ebM1EsEuKNpM/frKyPii/Zp+r5Cnlg05i 0veCdIbSic9Z2c3BhGgyWijgoOnqErbqZYOs9U3VbJdDYh4V7aqdVtCp3vUZtnjdPVNM cV5bV+kTJj2rLuhOibdwIBvoRJ+MDRKV5E8vc=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Good day. 

I digging to Xen sources and found some kind of bug...

xen-3.4.2/tools/blktap ,function:

int convert_dev_name_to_num(char *name) 

It use some extremely strange expressions I could not understand.


           for(i = 0, ptr = alpha; i < strlen(alpha); i++) {
                        if(*ptr == *p) break;
                        *ptr++;
                }
                *p++;


What meaning of *p++? Why not simply p++?

And few lines lower:

ret = (202*256) + (16*i) + atoi(p);   (focus on atoi(p))

But atoi() behaviour is undefined if argument contains not number, but
letters.

Cite from Open Group POSIX specification: If the value cannot be
represented, the behavior is undefined:
http://www.opengroup.org/onlinepubs/000095399/functions/atoi.html


And I can create device /dev/xvdaa or something like this (I use XCP, so
it is command like: xe vbd-create ... device=999).

And this code become simply 'undefined behaviour. It can crash, do 'rm
-rf /' or simply return wrong value.

---
wBR, George.




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>