Hello!
On Oct 22, 2014, at 6:32 AM, Dan Carpenter wrote:
> In that case, size == 0 seems to be the wrong value size for an
lov param
> as well.
I don't know about this. The code is very clear that size == 0 is
acceptable inside the if statement. Oleg?
I am not sure what if statement do you mean?
If it's the "if ((strncmp(name, XATTR_TRUSTED_PREFIX," one then size of 0
does seem to be incorrect:
struct lov_user_md *lump = (struct lov_user_md *)value;
// (I hope this is not a user pointer?)
…
if (lump != NULL && lump->lmm_stripe_offset == 0)
lump->lmm_stripe_offset = -1;
// So, if lump is 0, we are already accessing past allowed range
…
int lum_size = (lump->lmm_magic == LOV_USER_MAGIC_V1) ?
and again…
Bye,
Oleg