> I'd prefer not mixing declarations with statements. Thank you for the feedback! I've addressed this in v2 by moving the variable declaration to function scope. v2 patch sent with the requested change. Best regards, Kaushlendra ________________________________ From: SeongJae Park Sent: Saturday, August 30, 2025 12:51 AM To: Kumar, Kaushlendra Cc: SeongJae Park ; akpm@linux-foundation.org ; linux-mm@kvack.org Subject: Re: [PATCH] tools/mm/slabinfo.c: fix access to null terminator in string Hello Kaushlendra, On Fri, 29 Aug 2025 14:17:38 +0530 Kaushlendra Kumar wrote: > The current code incorrectly accesses buffer[strlen(buffer)], > which points to the null terminator ('\0') at the end of the > string. This is technically out-of-bounds access since valid > string content ends at index strlen(buffer)-1. > > Fix by: > 1. Storing strlen() result to avoid redundant calls > 2. Adding bounds check (len > 0) to handle empty strings > 3. Using buffer[len-1] to correctly access the last character > before the null terminator > > Signed-off-by: Kaushlendra Kumar > --- > tools/mm/slabinfo.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/tools/mm/slabinfo.c b/tools/mm/slabinfo.c > index 1433eff99feb..ac0cc6c1c87e 100644 > --- a/tools/mm/slabinfo.c > +++ b/tools/mm/slabinfo.c > @@ -165,8 +165,10 @@ static unsigned long read_obj(const char *name) > if (!fgets(buffer, sizeof(buffer), f)) > buffer[0] = 0; > fclose(f); > - if (buffer[strlen(buffer)] == '\n') > - buffer[strlen(buffer)] = 0; > + size_t len = strlen(buffer); I'd prefer not mixing declarations with statements. > + > + if (len > 0 && buffer[len - 1] == '\n') > + buffer[len - 1] = 0; > } > return strlen(buffer); > } > -- > 2.34.1 Thanks, SJ