On Fri, 25 May 2007 06:48:34 +0000 "young dave" <[EMAIL PROTECTED]> wrote:
> Yes, I'm sure. but the patch in top post of mine works, the diffrence
> is using kzalloc and remove the "ni->name[i] = 0;" line.
>
Let's walk through the existing code:
i = na->name_len * sizeof(ntfschar);
now, i = na->name_len * 2
ni->name = kmalloc(i + sizeof(ntfschar), GFP_ATOMIC);
we allocated (na->name_len * 2 + 2) bytes
if (!ni->name)
return -ENOMEM;
memcpy(ni->name, na->name, i);
we copied (na->name_len * 2) bytes
ni->name[i] = 0;
here, we zero the two bytes at byte offsets ((na->name_len * 2) * 2) and
((na->name_len * 2) * 2 + 1), and that is the bug. We _want_ to zero
the two bytes at byte offsets (na->name_len * 2) and (na->name_len * 2 + 1),
which we can do in C via
ni->name[na->name_len] = 0;
because sizeof(*(ni->name)) == 2.
So I'm still suspecting that you mistested that change.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
