> +/* Read debug info of a prototype. */
> +static void bcread_dbg(BCReadCtx *ctx, ktap_proto_t *pt, int sizedbg)
> +{
> + void *lineinfo = (void *)proto_lineinfo(pt);
> +
> + bcread_block(ctx, lineinfo, sizedbg);
> + /* Swap lineinfo if the endianess differs. */

Why does this care about endianness? Can't that be handled in user space? And why would user space create a different endianness than the host's?

> + for (i = 0; i < sizekgc; i++, kr++) {
> + int tp = bcread_uint32(ctx);
> + if (tp >= BCDUMP_KGC_STR) {

The signedness handling all over this file is scary. What happens if the user puts in negative values or near-overflow values? Most likely a lot of these checks should be unsigned and need to be audited again (and ideally fuzzed too).

> +
> + /* Allocate prototype object and initialize its fields. */
> + pt = (ktap_proto_t *)kp_obj_new(ctx->ks, (int)sizept);

Error check? Lots of other similar cases.

-Andi

-- 
a...@linux.intel.com -- Speaking for myself only.
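Review bot: in bcread_dbg, the copy `bcread_block(ctx, lineinfo, sizedbg);` trusts sizedbg, a signed int taken from the dump, with no check visible in the hunk that it is non-negative or that it matches the size of the lineinfo area returned by proto_lineinfo(pt); an oversized value would write past that buffer. Suggest validating sizedbg against the allocated debug size before the copy and failing the load on mismatch.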
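Review bot: in the constant loop, `int tp = bcread_uint32(ctx);` stores a 32-bit unsigned value in a signed int, so any tag with the top bit set becomes negative and silently fails `if (tp >= BCDUMP_KGC_STR)` instead of being rejected. Suggest declaring tp as uint32_t to match bcread_uint32 and explicitly rejecting tags outside the known BCDUMP_KGC_* range rather than relying on the sign; the declarations of i and sizekgc are not in the hunk, and if sizekgc also comes from the dump it needs the same treatment.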
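Review bot: `pt = (ktap_proto_t *)kp_obj_new(ctx->ks, (int)sizept);` checks neither the cast nor the result: the `(int)` cast turns a large sizept into a negative size, and a NULL return from kp_obj_new is dereferenced as soon as the fields are initialized. Suggest bounding sizept before the call and adding an `if (!pt)` failure path (the file's usual error return) immediately after it.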