[4.2.y-ckt stable] Patch "lib/hexdump.c: truncate output in case of overflow" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Mon Jan 4 23:22:37 UTC 2016 

This is a note to let you know that I have just added a patch titled

    lib/hexdump.c: truncate output in case of overflow

to the linux-4.2.y-queue branch of the 4.2.y-ckt extended stable tree 
which can be found at:

    http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-4.2.y-queue

This patch is scheduled to be released in version 4.2.8-ckt1.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 4.2.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From f8f5dc21aee9238e8479c110e69c854cdc67d5f3 Mon Sep 17 00:00:00 2001
From: Andy Shevchenko <andriy.shevchenko at linux.intel.com>
Date: Fri, 6 Nov 2015 16:31:31 -0800
Subject: lib/hexdump.c: truncate output in case of overflow

commit 9f029f540c2f7e010e4922d44ba0dfd05da79f88 upstream.

There is a classical off-by-one error in case when we try to place, for
example, 1+1 bytes as hex in the buffer of size 6.  The expected result is
to get an output truncated, but in the reality we get 6 bytes filed
followed by terminating NUL.

Change the logic how we fill the output in case of byte dumping into
limited space.  This will follow the snprintf() behaviour by truncating
output even on half bytes.

Fixes: 114fc1afb2de (hexdump: make it return number of bytes placed in buffer)
Signed-off-by: Andy Shevchenko <andriy.shevchenko at linux.intel.com>
Reported-by: Aaro Koskinen <aaro.koskinen at nokia.com>
Tested-by: Aaro Koskinen <aaro.koskinen at nokia.com>
Cc: Al Viro <viro at zeniv.linux.org.uk>
Cc: Catalin Marinas <catalin.marinas at arm.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 lib/hexdump.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/hexdump.c b/lib/hexdump.c
index 8d74c20..992457b 100644
--- a/lib/hexdump.c
+++ b/lib/hexdump.c
@@ -169,11 +169,15 @@ int hex_dump_to_buffer(const void *buf, size_t len, int rowsize, int groupsize,
 		}
 	} else {
 		for (j = 0; j < len; j++) {
-			if (linebuflen < lx + 3)
+			if (linebuflen < lx + 2)
 				goto overflow2;
 			ch = ptr[j];
 			linebuf[lx++] = hex_asc_hi(ch);
+			if (linebuflen < lx + 2)
+				goto overflow2;
 			linebuf[lx++] = hex_asc_lo(ch);
+			if (linebuflen < lx + 2)
+				goto overflow2;
 			linebuf[lx++] = ' ';
 		}
 		if (j)
--
1.9.1

More information about the kernel-team mailing list