18 Feb
2019
18 Feb
'19
2:50 a.m.
Hi Xiang,
On 2019/2/18 10:17, Gao Xiang wrote:
Hi Chao,
On 2019/2/18 9:39, Chao Yu wrote:
If the image is corrupted, qn->name[i] may be anything, as you commented above DBG_BUGON(), we really don't need to go through any later codes, it can avoid potentially encoutnering wrong condition.
- otherwise, it will return 1 to just skip the invalid name
Just I commented in the following source code, qn is actually the user requested name allocated in __d_alloc, which can be guaranteed with the trailing '\0' and it is a valid string.
Alright, I agreed below codes can guarantee that. :)
Thanks,
Thanks, Gao Xiang
- /* qd could not have trailing '\0' */
- /* However it is absolutely safe if < qd->end */
- while (qd->name + i < qd->end && qd->name[i] != '\0') {
if (qn->name[i] != qd->name[i]) {*matched = i;return qn->name[i] > qd->name[i] ? 1 : -1;
return (qn->len > qd->len);
++i;
- if (qn->name[i] != qd->name[i]) {
*matched = i;return qn->name[i] > qd->name[i] ? 1 : -1;- }
- ++i;
- goto loop;
- *matched = i;
- /* See comments in __d_alloc on the terminating NUL character */
- return qn->name[i] == '\0' ? 0 : 1;
}
.