From: Giese, B. <Bru...@an...> - 2005-02-08 14:08:53
In mount01.c:

This looks like a bug in the test case. In the code snippet below:

    if (Tflag) {
        Fstype = (char *) malloc(strlen(fstype));
                                 ^^^^^^^^^^^^^^^ malloc(strlen(fstype) + 1) WOULD BE CORRECT
        if(Fstype == NULL) {
            tst_brkm(TBROK, NULL, "malloc - failed to alloc %d" "errno %d",
                     strlen(fstype), errno);
        }
        strncpy(Fstype, fstype, strlen(fstype));
                                ^^^^^^^^^^^^^ strlen(fstype) + 1 WOULD BE CORRECT
    } else {
        Fstype = (char *) malloc(strlen(DEFAULT_FSTYPE));
                                 ^^^^^^^^^^^^^^^ malloc(strlen(DEFAULT_FSTYPE) + 1) WOULD BE CORRECT
        if(Fstype == NULL) {
            tst_brkm(TBROK, NULL, "malloc - failed to alloc %d" "errno %d",
                     strlen(DEFAULT_FSTYPE), errno);
        }
        strncpy(Fstype, DEFAULT_FSTYPE, strlen(DEFAULT_FSTYPE));
                                        ^^^^^^^^^^^^^^^^^^ strlen(DEFAULT_FSTYPE) + 1 WOULD BE CORRECT
    }

In either case (Tflag or not), one less byte is being allocated (the space for '\0') and one less byte is being copied. The variable Fstype is subsequently used in the mount call that expects a const char *, which I presume has to be '\0' terminated - the mount documentation (man 2 mount) does not say anything otherwise.

Looking at the sys_mount code in linux-2.6.x/fs directory, there is a path that leads to a strcpy, which would require a trailing '\0'. (sys_mount -> do_mount -> do_kern_mount -> get_fs_type -> strcpy)

Bruce Giese (relaying what was said by one of our contractors in India)
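The following is an added illustration of the allocation/copy pattern discussed in the mail; it is not code from the mail or from LTP's mount01.c. It shows the corrected form (allocate strlen + 1 and copy the terminator too) next to a safe demonstration of why the original strncpy(..., strlen(src)) call leaves the destination without a '\0'. The value of DEFAULT_FSTYPE is an assumption made here for the example, not taken from mount01.c.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed value for this example only; the real default in mount01.c is
 * not shown in the mail. */
#define DEFAULT_FSTYPE "ext2"

/* Corrected allocation: reserve room for the terminating '\0' and copy
 * it as well, so the result is a valid C string for mount(2).
 * Returns NULL with errno set by malloc on allocation failure. */
char *dup_fstype(const char *fstype, int Tflag)
{
    const char *src = Tflag ? fstype : DEFAULT_FSTYPE;
    size_t len = strlen(src);
    char *Fstype = malloc(len + 1);          /* +1 for '\0' */
    if (Fstype == NULL)
        return NULL;
    memcpy(Fstype, src, len + 1);            /* len + 1 copies the '\0' too */
    return Fstype;
}

/* Reproduces the defect on a stack buffer instead of heap memory so it
 * can be observed without undefined behaviour: strncpy with
 * n == strlen(src) never writes a terminator. The buffer is poisoned
 * with non-zero bytes first, so any '\0' found must come from the copy.
 * Returns 1 if a terminator is present, 0 if not, -1 if src is too long. */
int buggy_copy_is_terminated(const char *src)
{
    char buf[64];
    if (strlen(src) >= sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, strlen(src));          /* same form as in mount01.c */
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Same copy with the +1 the mail proposes: the '\0' is now copied. */
int corrected_copy_is_terminated(const char *src)
{
    char buf[64];
    if (strlen(src) + 1 > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, strlen(src) + 1);      /* +1 includes the '\0' */
    return memchr(buf, '\0', sizeof buf) != NULL;
}

int main(void)
{
    char *Fstype = dup_fstype("ext3", 1);
    if (Fstype == NULL) {
        fprintf(stderr, "malloc failed, errno %d\n", errno);
        return 1;
    }
    printf("dup_fstype(\"ext3\", 1)        -> \"%s\"\n", Fstype);
    free(Fstype);
    printf("buggy copy terminated?       %d\n", buggy_copy_is_terminated("ext3"));
    printf("corrected copy terminated?   %d\n", corrected_copy_is_terminated("ext3"));
    return 0;
}
```

The poisoned-buffer trick is the same check a reviewer can run against any strncpy whose length argument is strlen(src): if the destination is not pre-terminated, the result depends entirely on whatever byte happens to follow the copy, which on heap memory from malloc(strlen(src)) is out of bounds.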