From: "Kumar, Kaushlendra" <kaushlendra.kumar@intel.com>
To: SeongJae Park <sj@kernel.org>
Cc: "akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>
Subject: Re: [PATCH] tools/mm/slabinfo.c: fix access to null terminator in string
Date: Sat, 30 Aug 2025 17:34:28 +0000 [thread overview]
Message-ID: <LV3PR11MB87686F53ECF79054F3AF70F9F505A@LV3PR11MB8768.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20250829192125.60930-1-sj@kernel.org>
[-- Attachment #1: Type: text/plain, Size: 2133 bytes --]
> I'd prefer not mixing declarations with statements.
Thank you for the feedback! I've addressed this in v2 by moving the
variable declaration to function scope.
v2 patch sent with the requested change.
Best regards,
Kaushlendra
________________________________
From: SeongJae Park <sj@kernel.org>
Sent: Saturday, August 30, 2025 12:51 AM
To: Kumar, Kaushlendra <kaushlendra.kumar@intel.com>
Cc: SeongJae Park <sj@kernel.org>; akpm@linux-foundation.org <akpm@linux-foundation.org>; linux-mm@kvack.org <linux-mm@kvack.org>
Subject: Re: [PATCH] tools/mm/slabinfo.c: fix access to null terminator in string
Hello Kaushlendra,
On Fri, 29 Aug 2025 14:17:38 +0530 Kaushlendra Kumar <kaushlendra.kumar@intel.com> wrote:
> The current code incorrectly accesses buffer[strlen(buffer)],
> which points to the null terminator ('\0') at the end of the
> string. This is technically out-of-bounds access since valid
> string content ends at index strlen(buffer)-1.
>
> Fix by:
> 1. Storing strlen() result to avoid redundant calls
> 2. Adding bounds check (len > 0) to handle empty strings
> 3. Using buffer[len-1] to correctly access the last character
> before the null terminator
>
> Signed-off-by: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
> ---
> tools/mm/slabinfo.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/tools/mm/slabinfo.c b/tools/mm/slabinfo.c
> index 1433eff99feb..ac0cc6c1c87e 100644
> --- a/tools/mm/slabinfo.c
> +++ b/tools/mm/slabinfo.c
> @@ -165,8 +165,10 @@ static unsigned long read_obj(const char *name)
> if (!fgets(buffer, sizeof(buffer), f))
> buffer[0] = 0;
> fclose(f);
> - if (buffer[strlen(buffer)] == '\n')
> - buffer[strlen(buffer)] = 0;
> + size_t len = strlen(buffer);
I'd prefer not mixing declarations with statements.
> +
> + if (len > 0 && buffer[len - 1] == '\n')
> + buffer[len - 1] = 0;
> }
> return strlen(buffer);
> }
> --
> 2.34.1
Thanks,
SJ
[-- Attachment #2: Type: text/html, Size: 5377 bytes --]
prev parent reply other threads:[~2025-08-30 17:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-29 8:47 Kaushlendra Kumar
2025-08-29 19:21 ` SeongJae Park
2025-08-30 17:34 ` Kumar, Kaushlendra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=LV3PR11MB87686F53ECF79054F3AF70F9F505A@LV3PR11MB8768.namprd11.prod.outlook.com \
--to=kaushlendra.kumar@intel.com \
--cc=akpm@linux-foundation.org \
--cc=linux-mm@kvack.org \
--cc=sj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox