lib/string_helpers.c: change semantics of string_escape_mem

The current semantics of string_escape_mem are inadequate for one of its current users, vsnprintf(). If that is to honour its contract, it must know how much space would be needed for the entire escaped buffer, and string_escape_mem provides no way of obtaining that (short of allocating a large enough buffer (~4 times input string) to let it play with, and that's definitely a big no-no inside vsnprintf). So change the semantics for string_escape_mem to be more snprintf-like: Return the size of the output that would be generated if the destination buffer was big enough, but of course still only write to the part of dst it is allowed to, and (contrary to snprintf) don't do '\0'-termination. It is then up to the caller to detect whether output was truncated and to append a '\0' if desired. Also, we must output partial escape sequences, otherwise a call such as snprintf(buf, 3, "%1pE", "\123") would cause printf to write a \0 to buf[2] but leaving buf[0] and buf[1] with whatever they previously contained. This also fixes a bug in the escaped_string() helper function, which used to unconditionally pass a length of "end-buf" to string_escape_mem(); since the latter doesn't check osz for being insanely large, it would happily write to dst. For example, kasprintf(GFP_KERNEL, "something and then %pE", ...); is an easy way to trigger an oops. In test-string_helpers.c, the -ENOMEM test is replaced with testing for getting the expected return value even if the buffer is too small. We also ensure that nothing is written (by relying on a NULL pointer deref) if the output size is 0 by passing NULL - this has to work for kasprintf("%pE") to work. In net/sunrpc/cache.c, I think qword_add still has the same semantics. Someone should definitely double-check this. In fs/proc/array.c, I made the minimum possible change, but longer-term it should stop poking around in seq_file internals. [andriy.shevchenko@linux.intel.com: simplify qword_add] [andriy.shevchenko@linux.intel.com: add missed curly braces] Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Rasmus Villemoes <linux@rasmusvillemoes.dk> 2015-04-15 19:17:28 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2015-04-15 19:35:24 -0400
commit: 41416f2330112d29f2cfa337bfc7e672bf0c2768 (patch)
tree: 6e4075399f1a2620ba33ec3cb6d83acdfa76ff73 /lib/test-string_helpers.c
parent: 3aeddc7d665e41b1ba193f5c427ca52086d085ae (diff)
1 files changed, 20 insertions, 20 deletions
diff --git a/lib/test-string_helpers.c b/lib/test-string_helpers.c
index ab0d30e1e18f..8e376efd88a4 100644
--- a/lib/test-string_helpers.c
+++ b/lib/test-string_helpers.c
@@ -260,16 +260,28 @@ static __init const char *test_string_find_match(const struct test_string_2 *s2,
        return NULL;
 }
+static __init void
+test_string_escape_overflow(const char *in, int p, unsigned int flags, const char *esc,
+                            int q_test, const char *name)
+{
+        int q_real;
+        q_real = string_escape_mem(in, p, NULL, 0, flags, esc);
+        if (q_real != q_test)
+                pr_warn("Test '%s' failed: flags = %u, osz = 0, expected %d, got %d\n",
+                        name, flags, q_test, q_real);
+}
 static __init void test_string_escape(const char *name,
                                      const struct test_string_2 *s2,
                                      unsigned int flags, const char *esc)
 {
-        int q_real = 512;
+        size_t out_size = 512;
-        char *out_test = kmalloc(q_real, GFP_KERNEL);
+        char *out_test = kmalloc(out_size, GFP_KERNEL);
-        char *out_real = kmalloc(q_real, GFP_KERNEL);
+        char *out_real = kmalloc(out_size, GFP_KERNEL);
        char *in = kmalloc(256, GFP_KERNEL);
-        char *buf = out_real;
        int p = 0, q_test = 0;
+        int q_real;
        if (!out_test || !out_real || !in)
                goto out;
@@ -301,29 +313,19 @@ static __init void test_string_escape(const char *name,
                q_test += len;
        }
-        q_real = string_escape_mem(in, p, &buf, q_real, flags, esc);
+        q_real = string_escape_mem(in, p, out_real, out_size, flags, esc);
        test_string_check_buf(name, flags, in, p, out_real, q_real, out_test,
                              q_test);
+        test_string_escape_overflow(in, p, flags, esc, q_test, name);
 out:
        kfree(in);
        kfree(out_real);
        kfree(out_test);
 }
-static __init void test_string_escape_nomem(void)
-{
-        char *in = "\eb \\C\007\"\x90\r]";
-        char out[64], *buf = out;
-        int rc = -ENOMEM, ret;
-        ret = string_escape_str_any_np(in, &buf, strlen(in), NULL);
-        if (ret == rc)
-                return;
-        pr_err("Test 'escape nomem' failed: got %d instead of %d\n", ret, rc);
-}
 static int __init test_string_helpers_init(void)
 {
        unsigned int i;
@@ -342,8 +344,6 @@ static int __init test_string_helpers_init(void)
        for (i = 0; i < (ESCAPE_ANY_NP | ESCAPE_HEX) + 1; i++)
                test_string_escape("escape 1", escape1, i, TEST_STRING_2_DICT_1);
-        test_string_escape_nomem();
        return -EINVAL;
 }
 module_init(test_string_helpers_init);
author	Rasmus Villemoes <linux@rasmusvillemoes.dk>	2015-04-15 19:17:28 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2015-04-15 19:35:24 -0400
commit	41416f2330112d29f2cfa337bfc7e672bf0c2768 (patch)
tree	6e4075399f1a2620ba33ec3cb6d83acdfa76ff73 /lib/test-string_helpers.c
parent	3aeddc7d665e41b1ba193f5c427ca52086d085ae (diff)