On 03/03/2014 10:42 PM, Markus Armbruster wrote: > Chen Gang <gang.chen.5...@gmail.com> writes: > >> On 03/03/2014 04:34 PM, Markus Armbruster wrote: >>> Turns a buffer overrun bug into a truncation bug. The next commit fixes >>> truncation bugs including this one. Would be nice to spell this out in >>> the commit message. Perhaps Aneesh can do it on commit. >>> [...] >> >> Please help doing it on commit. > [...] > If you respin your series anyway, simply improve your commit message. > Something like this would do: > > hw/9pfs: Fix buffer overrun in local_remove(), local_unlinkat() > > When 'ctx->fs_root' + 'path'/'fullname.data' is larger than > PATH_MAX, we overrunning a buffer, smashing the stack. > > Fix by switching from sprintf() to snprintf(). Turns the buffer > overrun bugs into truncation bugs. The next commit will fix them > along with similar truncation bugs elsewhere in 9pfs. >
OK, thank you for your details information. And I guess, at present, I need not send patch v2 for this series (Aneesh has helped done for them). Thanks. -- Chen Gang Open, share, and attitude like air, water, and life which God blessed
