On Wed, Jul 25, 2018 at 06:15:20PM -0700, Christopher Clark wrote:
> On Wed, Jul 25, 2018 at 1:53 AM, Wei Liu <wei.l...@citrix.com> wrote:
>
> > On Wed, Jul 25, 2018 at 09:49:39AM +0100, Wei Liu wrote:
> > > On Sat, Jul 21, 2018 at 02:14:12AM +0200, Marek Marczykowski-Górecki
> > wrote:
> > >
> > > > +
> > > > + memcpy(dest, buf, len);
> > > > + for (i = 0; i < len; i++) {
> > > > + if (dest[i] == '\033')
> > > > + dest[i] = '.';
> > > > + }
> > >
> > > This could be made more efficient by using:
> > >
> > > for (i = 0; i < len; i++) {
> > > if (src[i] == '\033')
> > > dst[i] = '.';
> > > else
> > > dst[i] = src[i];
> >
>
> The above code doesn't write the value that was checked into the
> destination buffer; instead it does a second copy from the source buffer.
> That is a problematic code pattern that we shouldn't really encourage.
Because you worry about TOCTOU attack? But both src and dst are under
xenconsoled's control.
Wei.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
