|
From: | Gerd Hoffmann |
Subject: | Re: [Qemu-devel] [PATCH 1/2] qdev: factor out qdev_print_devinfo. |
Date: | Mon, 03 Aug 2009 11:23:07 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Lightning/1.0pre Thunderbird/3.0b2 |
On 08/03/09 10:24, Markus Armbruster wrote:
Gerd Hoffmann<address@hidden> writes:On 08/01/09 01:44, Markus Armbruster wrote:Gerd Hoffmann<address@hidden> writes:Signed-off-by: Gerd Hoffmann<address@hidden> --- hw/qdev.c | 19 ++++++++++++++++++- 1 files changed, 18 insertions(+), 1 deletions(-) diff --git a/hw/qdev.c b/hw/qdev.c index 479eb72..6f05232 100644 --- a/hw/qdev.c +++ b/hw/qdev.c @@ -105,6 +105,21 @@ DeviceState *qdev_create(BusState *bus, const char *name) return dev; } +static int qdev_print_devinfo(DeviceInfo *info, char *dest, int len) +{ + int pos = 0; + + pos += snprintf(dest+pos, len-pos, "name \"%s\", bus %s", + info->name, info->bus_info->name); + if (info->alias) + pos += snprintf(dest+pos, len-pos, ", alias \"%s\"", info->alias); + if (info->desc) + pos += snprintf(dest+pos, len-pos, ", desc \"%s\"", info->desc); + if (info->no_user) + pos += snprintf(dest+pos, len-pos, ", no-user"); + return pos; +} +Isn't len-pos vulnerable to underflow here? The formal parameter type is size_t... [...]Huh? You mean you want be able to pass a buffer larger than 2^31 to that function? cheers Gerdsnprintf() returns length of output. This may exceed its buffer size argument.
[ after reading the man page ]Ah. In case the buffer doesn't fit it doesn't return the number of bytes actually written. It returns the number of bytes needed to print everything.
The logic is wrong then, I'll send a fix. cheers, Gerd
[Prev in Thread] | Current Thread | [Next in Thread] |