Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

xdrgen: Initialize data pointer for zero-length items

The xdrgen decoders for strings and opaque data had an
optimization that skipped calling xdr_inline_decode() when the
item length was zero. This left the data pointer uninitialized,
which could lead to unpredictable behavior when callers access
it.

Remove the zero-length check and always call xdr_inline_decode().
When passed a length of zero, xdr_inline_decode() returns the
current buffer position, which is valid and matches the behavior
of hand-coded XDR decoders throughout the kernel.

Fixes: 4b132aacb076 ("tools: Add xdrgen")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: NeilBrown <neil@brown.name>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

+8 -12
include/linux/sunrpc/xdrgen/_builtins.h
··· 248 248 return false; 249 249 if (unlikely(maxlen && len > maxlen)) 250 250 return false; 251 - if (len != 0) { 252 - p = xdr_inline_decode(xdr, len); 253 - if (unlikely(!p)) 254 - return false; 255 - ptr->data = (unsigned char *)p; 256 - } 251 + p = xdr_inline_decode(xdr, len); 252 + if (unlikely(!p)) 253 + return false; 254 + ptr->data = (unsigned char *)p; 257 255 ptr->len = len; 258 256 return true; 259 257 } ··· 277 279 return false; 278 280 if (unlikely(maxlen && len > maxlen)) 279 281 return false; 280 - if (len != 0) { 281 - p = xdr_inline_decode(xdr, len); 282 - if (unlikely(!p)) 283 - return false; 284 - ptr->data = (u8 *)p; 285 - } 282 + p = xdr_inline_decode(xdr, len); 283 + if (unlikely(!p)) 284 + return false; 285 + ptr->data = (u8 *)p; 286 286 ptr->len = len; 287 287 return true; 288 288 }
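
Review bot: In both hunks the now-unconditional `p = xdr_inline_decode(xdr, len);` followed by `if (unlikely(!p)) return false;` means a zero-length string or opaque item fails to decode whenever xdr_inline_decode() returns NULL for a zero length, so the fix rests entirely on the behaviour the commit message describes (a length of zero yields the current buffer position). A short comment above each call stating that dependency would keep a later cleanup from reinstating the `len != 0` shortcut. Separately, for `len == 0` the assignment to `ptr->data` now stores a non-NULL pointer into the decode buffer with `ptr->len` set to 0; it would help to document in this header that `ptr->len` is the only valid bound and that callers should neither dereference `ptr->data` nor test it against NULL to detect an empty item.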