On Tue, Apr 14, 2009 at 12:15 PM, Sasha Khapyorsky <[email protected]> wrote: > On 10:45 Tue 14 Apr , Hal Rosenstock wrote: >> >> Signed-off-by: Hal Rosenstock <[email protected]> > > Applied. Thanks. See note below. > >> + for (i = 0; >> + i <= >> (p_ntci->data_details.ntc_256.dr_trunc_hop & 0x3f); >> + i++) { >> + if (i == 0) >> + n += snprintf(buff + n, >> sizeof(buff) - n, "%d", >> + >> p_ntci->data_details.ntc_256.dr_rtn_path[i]); >> + else >> + n += snprintf(buff + n, >> sizeof(buff) - n, ",%d", >> + >> p_ntci->data_details.ntc_256.dr_rtn_path[i]); > > When snprintf() overflows it returns number of bytes which would be > written otherwise, so return value should be checked anyway. So I'm > adding this: > > if (n >= sizeof(buf)) { ^^^ buff
> n = sizeof(buff) - 2; > break; > } > > (in order to preserve space for new line). Sounds right. Doesn't this same issue exist elsewhere in opensm where snprintf is used and the return value is not checked in comparison to the size supplied ? -- Hal > > Sasha > _______________________________________________ > general mailing list > [email protected] > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general > > To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general >
_______________________________________________ general mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
