Date: Fri, 24 Aug 2012 11:27:26 +0100
From: Catalin Marinas
To: Jim Meyering
Cc: "linux-kernel@vger.kernel.org", Jim Meyering, "linux-mm@kvack.org"
Subject: Re: [PATCH] kmemleak: avoid buffer overrun: NUL-terminate strncpy-copied command

On Mon, Aug 20, 2012 at 05:55:22PM +0100, Jim Meyering wrote:
> From: Jim Meyering
>
> strncpy NUL-terminates only when the length of the source string
> is smaller than the size of the destination buffer.
> The two other strncpy uses (just preceding) happen to be ok
> with the current TASK_COMM_LEN (16), because the literals
> "hardirq" and "softirq" are both shorter than 16. However,
> technically it'd be better to use strcpy along with a
> compile-time assertion that they fit in the buffer.
>
> Signed-off-by: Jim Meyering
> ---
> mm/kmemleak.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c > index 45eb621..947257f 100644 > --- a/mm/kmemleak.c > +++ b/mm/kmemleak.c 
> @@ -555,6 +555,7 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size, > * case, the command line is not correct. > */ > strncpy(object->comm, current->comm, sizeof(object->comm)); > + object->comm[sizeof(object->comm) - 1] = 0;

Does it really matter here? object->comm[] and current->comm[] have the same size, TASK_COMM_LEN.

-- 
Catalin
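
Review bot: the added line "object->comm[sizeof(object->comm) - 1] = 0;" needs a comment, or a sentence in the commit message, stating when the preceding strncpy can actually leave object->comm unterminated. That happens only if current->comm holds no NUL within sizeof(object->comm) bytes, and the commit message explains strncpy's behaviour in general without saying how that state arises for this source; the context comment above the call only notes that the command line may be "not correct". If the termination stays, writing '\0' rather than 0 makes it obvious that a character terminator is meant. The commit message also says the two preceding strncpy calls for "hardirq" and "softirq" would be better as strcpy with a compile-time assertion on the size, but this one-insertion change leaves them untouched; either include that change or drop the remark from the message.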