[PATCH 1/3] tools: hv: fcopy_daemon: Check buffer limits

Dan Carpenter dan.carpenter at oracle.com
Tue Oct 21 14:17:24 UTC 2014


On Tue, Oct 21, 2014 at 02:59:58PM +0200, Matej Mužila wrote:
> > sizeof(__u8) is by definition 1 so it's perhaps surplus ?
> The size is now determined from the structure definition in
> include/uapi/linux/hyperv.h
> 
> > - C style comments for coding style
> Fixed
> 
> > Also your patch block is devoid of a few things like the file name...
> I'm sorry, the (missing) filename mistake occurred in the copy-paste process.
> 

Copy and paste is very error prone...

> 
> Here is the patch as it (I hope) should look like:

This patch looks good, but please resend it as a proper v2 patch.

https://www.google.com/search?q=how+to+send+a+v2+patch

> ---
> From: Matej Mužila <mmuzila at redhat.com>
> 
> Check if cpmsg->size is in limits of DATA_FRAGMENT
> 
> Signed-off-by: Matej Mužila <mmuzila at redhat.com>
> ---
> If corrupted data are read from /dev/vmbus/hv_fcopy, pwrite can
> read from memory outside of the buffer (defined at line 138).
> Added check. 

Put this information in the patch description and not beyond the cut
off.  That information is useful.

The cut off is meant for meta commentary to say what changed between v1
and v2 etc, which is nice to have but we don't want to preserve it.

regards,
dan carpenter
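
The kind of check the quoted description refers to, as an added example that is not the patch under review or the daemon's own source: a sender-supplied `size` is compared against the fragment buffer before it is used as the `pwrite()` length. `struct fcopy_msg`, `fcopy_write_checked()`, `demo()` and the `DATA_FRAGMENT` value are assumptions made for this sketch, standing in for the definitions in include/uapi/linux/hyperv.h.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: value and layout are simplified stand-ins, not copied
 * from include/uapi/linux/hyperv.h. */
#define DATA_FRAGMENT (6 * 1024)

struct fcopy_msg {
	uint64_t offset;              /* file offset chosen by the sender */
	uint32_t size;                /* sender-claimed count of valid bytes */
	uint8_t  data[DATA_FRAGMENT]; /* payload buffer */
};

/* Write one fragment; refuse a claimed size larger than the buffer. */
static int fcopy_write_checked(int fd, const struct fcopy_msg *m)
{
	ssize_t n;

	if (m->size > sizeof(m->data))
		return -EINVAL; /* pwrite() would read past m->data */

	n = pwrite(fd, m->data, m->size, (off_t)m->offset);
	if (n < 0)
		return -errno;
	return (size_t)n == m->size ? 0 : -EIO;
}

/* Constructed input: a zeroed message with the given claimed size,
 * written to an anonymous temporary file. */
static int demo(uint32_t claimed_size)
{
	static struct fcopy_msg m;
	FILE *f = tmpfile();
	int rc;

	if (!f)
		return -ENOENT;
	memset(&m, 0, sizeof(m));
	m.size = claimed_size;
	rc = fcopy_write_checked(fileno(f), &m);
	fclose(f);
	return rc;
}
```

A size equal to `DATA_FRAGMENT` is still accepted; only a value past the end of `data` is rejected, and the write is never attempted in that case.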