On 02/01/2019 10:43, Wei Liu wrote: > On Mon, Dec 31, 2018 at 05:34:25PM +0000, Andrew Cooper wrote: >> A NT_GNU_BUILD_ID with namesz longer than 4 will cause the strncmp() to use >> bytes in adjacent stringtable entries. >> >> Instead, check for namesz exactly equal to 4, and use memcmp() with an >> explicit size. >> >> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> >> --- >> CC: Jan Beulich <jbeul...@suse.com> >> CC: Wei Liu <wei.l...@citrix.com> >> CC: Roger Pau Monné <roger....@citrix.com> >> CC: Stefano Stabellini <sstabell...@kernel.org> >> CC: Julien Grall <julien.gr...@arm.com> >> >> Noticed while auditing Xen's use of strncmp() for the command line patch. >> --- >> xen/common/version.c | 6 +++--- >> 1 file changed, 3 insertions(+), 3 deletions(-) >> >> diff --git a/xen/common/version.c b/xen/common/version.c >> index 223cb52..1df7e78 100644 >> --- a/xen/common/version.c >> +++ b/xen/common/version.c >> @@ -97,17 +97,17 @@ int xen_build_id_check(const Elf_Note *n, unsigned int >> n_sz, >> if ( NT_GNU_BUILD_ID != n->type ) >> return -ENODATA; >> >> - if ( n->namesz + n->descsz < n->namesz ) >> + if ( n->namesz != 4 /* GNU\0 */) >> return -EINVAL; >> >> - if ( n->namesz < 4 /* GNU\0 */) >> + if ( n->namesz + n->descsz < n->namesz ) > The reordering of two predicates doesn't seem to serve any particular > purpose? You could've just changed "<" to "!=" for less code churn?
Logically, the != 4 check should be ahead of the truncation check, but yes - patch did collapse it into something rather harder to read in this case. > >> return -EINVAL; >> >> if ( n->namesz + n->descsz > n_sz - sizeof(*n) ) >> return -EINVAL; >> >> /* Sanity check, name should be "GNU" for ld-generated build-id. */ >> - if ( strncmp(ELFNOTE_NAME(n), "GNU", n->namesz) != 0 ) >> + if ( memcmp(ELFNOTE_NAME(n), "GNU", 4) != 0 ) > OOI what is the advantage of memcmp compared to strncmp? Erm. I suppose in this exact case, personal preference. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
