Minix/minix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed a bug in kstrncpy() that caused mayhem whenever the buffer to be

Browse Source 
copied into was the same size as the source string - it will keep on
filling with zeroes forever. This was a signed/unsigned bug, fixed by
making the kstrncpy argument ssize_t instead of size_t. This bug was
triggered by Chris Young <teddga@earthlink.net>, by dazzling coincedence -
changing OS_VERSION into something with one more character (exactly the
same size as the buffer in the kinfo struct).

Also noticed that the kstrncpy() call didn't null-terminate the strings
if necessary, also fixed.
This commit is contained in:
Ben Gras
2005-07-13 14:46:11 +00:00
parent 0f746219fc
commit f96645a4eb
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kernel/start.c
View File

@@ -55,8 +55,10 @@ U16_t parmoff, parmsize; /* boot parameters offset and length */
/* Record miscellaneous information for user-space servers. */
kinfo.nr_procs = NR_PROCS;
kinfo.nr_tasks = NR_TASKS;
kstrncpy(kinfo.release, OS_RELEASE, 4);
kstrncpy(kinfo.version, OS_VERSION, 4);
kstrncpy(kinfo.release, OS_RELEASE, sizeof(kinfo.release));
kinfo.release[sizeof(kinfo.release)-1] = '\0';
kstrncpy(kinfo.version, OS_VERSION, sizeof(kinfo.version));
kinfo.version[sizeof(kinfo.version)-1] = '\0';
kinfo.proc_addr = (vir_bytes) proc;
kinfo.kmem_base = vir2phys(0);
kinfo.kmem_size = (phys_bytes) &end;