From patchwork Tue Jan 22 19:20:29 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Ding X-Patchwork-Id: 214633 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id D94612C007E for ; Wed, 23 Jan 2013 06:21:02 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754775Ab3AVTUn (ORCPT ); Tue, 22 Jan 2013 14:20:43 -0500 Received: from mail-qc0-f178.google.com ([209.85.216.178]:61603 "EHLO mail-qc0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753796Ab3AVTUl (ORCPT ); Tue, 22 Jan 2013 14:20:41 -0500 Received: by mail-qc0-f178.google.com with SMTP id j34so4674400qco.9 for ; Tue, 22 Jan 2013 11:20:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:from:to:cc:subject:date:message-id:x-mailer; bh=2ZBAWh05rLlWI6xMPovmYfqd7KdvJcQyGiWEBTmGOew=; b=gclEkAf8HoQQdom2LC5TEbupWTclZ6w02HISX74N7Fcs6OFODi543E2IIav/QfkBEx 7Wwp28MpOTgJrJwjkerjbFAJuRK6ujYH/dDDSomQYxtU9aMJ5VGToQ8QIPDUlrujFRez VlOZKogEE2GWTmn+61HoTPVHbXMpVQ1S9zCyW0g5KgnMENe9vldTRCdFxHKVX25J/1uS doKDftS0KIrvfQYlaUMyJOpK+QA13UF6kPz4kBO2KFd15MyDTIh9TdNdaHLCkuuPOf6G hWdyWb9O9h2uZfy/oReWK8MVln2QX/+BjrBgCtqSsM88ZsA2aUGePz/CF1BscyvnQdp7 4KHA== X-Received: by 10.224.175.82 with SMTP id w18mr17835776qaz.65.1358882440222; Tue, 22 Jan 2013 11:20:40 -0800 (PST) Received: from localhost.localdomain (ec2-54-243-39-165.compute-1.amazonaws.com. [54.243.39.165]) by mx.google.com with ESMTPS id u8sm11367079qeu.2.2013.01.22.11.20.38 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 22 Jan 2013 11:20:39 -0800 (PST) From: Cong Ding To: Sage Weil , "David S. Miller" , ceph-devel@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Cong Ding Subject: [PATCH] net/ceph/osdmap.c: fix undefined behavior when using snprintf() Date: Tue, 22 Jan 2013 19:20:29 +0000 Message-Id: <1358882429-19066-1-git-send-email-dinggnu@gmail.com> X-Mailer: git-send-email 1.7.4.5 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The variable "str" is used as both the source and destination in function snprintf(), which is undefined behavior based on C11. The original description in C11 is: "If copying takes place between objects that overlap, the behavior is undefined." And, the function of ceph_osdmap_state_str() is to return the osdmap state, so it should return "doesn't exist" when all the conditions are not satisfied. I fix it in this patch. Based on C11, snprintf() does nothing if n==0: "If n is zero, nothing is written, and s may be a null pointer. Otherwise, output characters beyond the n-1st are discarded rather than being written to the array, and a null character is written at the end of the characters actually written into the array." so I remove the unnecessary check of len (because it is not a busy path and saves a few lines of code). Signed-off-by: Cong Ding Reviewed-by: Alex Elder --- net/ceph/osdmap.c | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c index de73214..3131a99d3 100644 --- a/net/ceph/osdmap.c +++ b/net/ceph/osdmap.c @@ -13,26 +13,15 @@ char *ceph_osdmap_state_str(char *str, int len, int state) { - int flag = 0; - - if (!len) - goto done; - - *str = '\0'; - if (state) { - if (state & CEPH_OSD_EXISTS) { - snprintf(str, len, "exists"); - flag = 1; - } - if (state & CEPH_OSD_UP) { - snprintf(str, len, "%s%s%s", str, (flag ? ", " : ""), - "up"); - flag = 1; - } - } else { + if ((state & CEPH_OSD_EXISTS) && (state & CEPH_OSD_UP)) + snprintf(str, len, "exists, up"); + else if (state & CEPH_OSD_EXISTS) + snprintf(str, len, "exists"); + else if (state & CEPH_OSD_UP) + snprintf(str, len, "up"); + else snprintf(str, len, "doesn't exist"); - } -done: + return str; }