Return-Path: Received: from cn.fujitsu.com ([222.73.24.84]:61642 "EHLO song.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1751251Ab1CKENL (ORCPT ); Thu, 10 Mar 2011 23:13:11 -0500 Message-ID: <4D79A183.8090306@cn.fujitsu.com> Date: Fri, 11 Mar 2011 12:13:55 +0800 From: Mi Jinlong To: "J. Bruce Fields" CC: roel , Neil Brown , linux-nfs@vger.kernel.org, Andrew Morton , LKML Subject: Re: [PATCH] nfsd: wrong index used in inner loop References: <4D76A06A.4090405@gmail.com> <20110309004955.GD15814@fieldses.org> In-Reply-To: <20110309004955.GD15814@fieldses.org> Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-nfs-owner@vger.kernel.org List-ID: MIME-Version: 1.0 J. Bruce Fields: > On Tue, Mar 08, 2011 at 10:32:26PM +0100, roel wrote: >> Index i was already used in the outer loop >> >> Signed-off-by: Roel Kluin >> --- >> fs/nfsd/nfs4xdr.c | 4 ++-- >> 1 files changed, 2 insertions(+), 2 deletions(-) >> >> Not 100% sure this one is needed but it looks suspicious. > > Looks bad to me, thanks. > > nfsd4_decode_create_session should probably really be broken up a little > bit; if it wasn't so long this would have been more obvious. > > I'll see if I can slip this into 2.6.38 with a couple other last-minute > patches.... Otherwise, it'll be in 2.6.39. > > --b. > >> diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c >> index 1275b86..615f0a9 100644 >> --- a/fs/nfsd/nfs4xdr.c >> +++ b/fs/nfsd/nfs4xdr.c >> @@ -1142,7 +1142,7 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp, >> >> u32 dummy; >> char *machine_name; >> - int i; >> + int i, j; >> int nr_secflavs; >> >> READ_BUF(16); 
>> @@ -1215,7 +1215,7 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp, >> READ_BUF(4); >> READ32(dummy); >> READ_BUF(dummy * 4); >> - for (i = 0; i < dummy; ++i) >> + for (j = 0; j < dummy; ++j) >> READ32(dummy); We must not use dummy for index here. After the first index, READ32(dummy) will change dummy!!!! The following patch fix this problem. -- thanks, Mi Jinlong ============================================================ We must not use dummy for index. After the first index, READ32(dummy) will change dummy!!!! Signed-off-by: Mi Jinlong --- fs/nfsd/nfs4xdr.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 615f0a9..8dd70d0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -1140,7 +1140,7 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp, { DECODE_HEAD; - u32 dummy; + u32 dummy, tmp; char *machine_name; int i, j; int nr_secflavs; @@ -1216,7 +1216,7 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp, READ32(dummy); READ_BUF(dummy * 4); for (j = 0; j < dummy; ++j) - READ32(dummy); + READ32(tmp); break; case RPC_AUTH_GSS: dprintk("RPC_AUTH_GSS callback secflavor " -- 1.7.4.1
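Review bot: in the first hunk of the quoted patch (@@ -1142,7 +1142,7), j is declared int, but the second hunk tests it against dummy, which the same context declares as u32, so j < dummy is a signed/unsigned comparison. Declaring the new counter as u32 (or unsigned int) would match the type of the bound it is compared with.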
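Review bot: in the @@ -1216,7 +1216,7 hunk of the follow-up patch, READ_BUF(dummy * 4) still multiplies a u32 decoded from the request by 4 with no upper bound. A count of 0x40000000 or more wraps the product to a small value, while for (j = 0; j < dummy; ++j) keeps iterating on the original count. If READ_BUF checks only the byte count it is handed, the READ32(tmp) loop can then read past the data that was validated. Rejecting an oversized dummy and failing the decode before the multiplication would close that gap. A short comment saying the values read into tmp are deliberately discarded would also explain the new variable.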