于 2013年02月28日 19:13, Chen Gang 写道:

于 2013年02月28日 18:41, Jiri Slaby 写道:

quoted

On 02/26/2013 04:43 AM, Chen Gang wrote:

quoted

quoted

  when strlen pi->location_code is larger than HVCS_CLC_LENGTH + 1,
    original implementation can not let hvcsd->p_location_code NUL terminated.
  so need fix it (also can simplify the code)

It should never be larger because the +1 is exactly for NUL. But it is a
cleanup, so why not...

  when strlen(&pi->location_code[0]) == HVCS_CLC_LENGTH + 2
    then clclength will be reset to HVCS_CLC_LENGTH.

    when call strncpy, the clclength + 1 == HVCS_CLS_LENGTH + 1
      but the '\0' of src buf is located at HVCS_CLS_LENGTH + 2.

        but the '\0' of src buf is located at HVCS_CLS_LENGTH + 3. (not + 2)

      so no '\0' copied to dest buf.

    then the dest buf will not be ended by '\0'.

  is it correct ?

  :-)

gchen.
 

quoted

quoted

quoted

Signed-off-by: Chen Gang <redacted>
---
 drivers/tty/hvc/hvcs.c |    9 ++-------
 1 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c
index 1956593..81e939e 100644
--- a/drivers/tty/hvc/hvcs.c
+++ b/drivers/tty/hvc/hvcs.c

@@ -881,17 +881,12 @@ static struct vio_driver hvcs_vio_driver = {
 /* Only called from hvcs_get_pi please */
 static void hvcs_set_pi(struct hvcs_partner_info *pi, struct hvcs_struct *hvcsd)
 {
-	int clclength;
-
 	hvcsd->p_unit_address = pi->unit_address;
 	hvcsd->p_partition_ID  = pi->partition_ID;
-	clclength = strlen(&pi->location_code[0]);
-	if (clclength > HVCS_CLC_LENGTH)
-		clclength = HVCS_CLC_LENGTH;
 
 	/* copy the null-term char too */
-	strncpy(&hvcsd->p_location_code[0],
-			&pi->location_code[0], clclength + 1);
+	strlcpy(&hvcsd->p_location_code[0],
+			&pi->location_code[0], sizeof(hvcsd->p_location_code));
 }
 
 /*

-- 
Chen Gang

Asianux Corporation