> +/* Read debug info of a prototype. */
> +static void bcread_dbg(BCReadCtx *ctx, ktap_proto_t *pt, int sizedbg)
> +{
> + void *lineinfo = (void *)proto_lineinfo(pt);
> +
> + bcread_block(ctx, lineinfo, sizedbg);
> + /* Swap lineinfo if the endianess differs. */
Why does this care about endianness? Can't that be handled in the user
space? And why would the user space create different endianness than
the host is?
> + for (i = 0; i < sizekgc; i++, kr++) {
> + int tp = bcread_uint32(ctx);
> + if (tp >= BCDUMP_KGC_STR) {
The signedness handling all over this file is a scary.
What happens if the user puts in negative values or near overflow
values.
Most likely a lot of these checks should be unsigned
and need to be audited again (and ideally fuzzed too)
> +
> + /* Allocate prototype object and initialize its fields. */
> + pt = (ktap_proto_t *)kp_obj_new(ctx->ks, (int)sizept);
Error check?
Lots of other similar cases.
-Andi
--
a...@linux.intel.com -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
