xfs
[Top] [All Lists]

Re: [PATCH 2/9 V2] xfsdump: Fix overflow of "question" string in Media_p

To: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Subject: Re: [PATCH 2/9 V2] xfsdump: Fix overflow of "question" string in Media_prompt_erase()
From: Eric Sandeen <sandeen@xxxxxxxxxxx>
Date: Thu, 13 Nov 2014 12:00:07 -0600
Cc: Eric Sandeen <sandeen@xxxxxxxxxx>, xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20141113173813.GA9959@xxxxxxxxxxxxx>
References: <1415818638-32700-1-git-send-email-sandeen@xxxxxxxxxx> <1415818638-32700-3-git-send-email-sandeen@xxxxxxxxxx> <5463AF7A.8040006@xxxxxxxxxxx> <20141113173813.GA9959@xxxxxxxxxxxxx>
On 11/13/14 11:38 AM, Christoph Hellwig wrote:
>> +    asprintf( &question, 
>> +             "overwrite data on media in drive %u?\n",
>>               (unsigned int)drivep->d_index );
> 
> Where is the error handling?

Well, ok.

The error handling ahead of this is crap; if the
function returns !ok, we change the media:

                                ok = Media_prompt_overwrite( drivep );
                                if ( intr_allowed && cldmgr_stop_requested( )) {
                                        return RV_INTR;
                                }
                                if ( ! ok ) {
                                        goto changemedia;
                                }

I don't want to try to understand and rework all the ways we can
back out of this if we don't have ~100 bytes available.

So, what would you prefer:

I could make a 110-byte array, and snprintf max 110 bytes to it.
Or I could asprintf, and exit the whole program if it fails.

I'm not trying to make xfsdump perfect, I'm trying to make it
suck less. ;)

-Eric

<Prev in Thread] Current Thread [Next in Thread>