When an XDR counted array has a maximum element count, xdrgen adds
a bounds check to the encoder or decoder for that type. But in cases
where the .x provides no maximum element count, such as
struct notify4 {
/* composed from notify_type4 or notify_deviceid_type4 */
bitmap4 notify_mask;
notifylist4 notify_vals;
};
struct CB_NOTIFY4args {
stateid4 cna_stateid;
nfs_fh4 cna_fh;
notify4 cna_changes<>;
};
xdrgen is supposed to omit that bounds check. Some of the Jinja2
templates handle that correctly, but a few are incorrect and leave
the bounds check in place with a maximum of zero, which causes
encoding/decoding of that type to fail unconditionally.
Reported-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
{% if annotate %}
/* member {{ name }} (variable-length array) */
{% endif %}
+{% if maxsize != "0" %}
if (value->{{ name }}.count > {{ maxsize }})
return false;
+{% endif %}
if (xdr_stream_encode_u32(xdr, value->{{ name }}.count) != XDR_UNIT)
return false;
for (u32 i = 0; i < value->{{ name }}.count; i++)
{% if annotate %}
/* member {{ name }} (variable-length array) */
{% endif %}
+{% if maxsize != "0" %}
if (value->{{ name }}.count > {{ maxsize }})
return false;
+{% endif %}
if (xdr_stream_encode_u32(xdr, value->{{ name }}.count) != XDR_UNIT)
return false;
for (u32 i = 0; i < value->{{ name }}.count; i++)
{% endif %}
if (xdr_stream_decode_u32(xdr, &count) < 0)
return false;
+{% if maxsize != "0" %}
if (count > {{ maxsize }})
return false;
+{% endif %}
for (u32 i = 0; i < count; i++) {
if (xdrgen_decode_{{ type }}(xdr, &ptr->{{ name }}.items[i]) < 0)
return false;
projects / thirdparty / linux.git / commitdiff
