* [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read()
@ 2024-04-16 10:43 Daniel Thompson
2024-04-16 10:43 ` [PATCH 1/7] kdb: Fix buffer overflow during tab-complete Daniel Thompson
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson
Cc: kgdb-bugreport, linux-kernel, Justin Stitt, stable
Inspired by a patch from [Justin][1] I took a closer look at kdb_read().
Despite Justin's patch being a (correct) one-line manipulation it was a
tough patch to review because the surrounding code was hard to read and
it looked like there were unfixed problems.
This series isn't enough to make kdb_read() beautiful but it does make
it shorter, easier to reason about and fixes a buffer overflow and a
screen redraw problem!
[1]: https://lore.kernel.org/all/20240403-strncpy-kernel-debug-kdb-kdb_io-c-v1-1-7f78a08e9ff4@google.com/
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
Daniel Thompson (7):
kdb: Fix buffer overflow during tab-complete
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Replace double memcpy() with memmove() in kdb_read()
kdb: Merge identical case statements in kdb_read()
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
kdb: Simplify management of tmpbuffer in kdb_read()
kernel/debug/kdb/kdb_io.c | 133 ++++++++++++++++++++--------------------------
1 file changed, 58 insertions(+), 75 deletions(-)
---
base-commit: dccce9b8780618986962ba37c373668bcf426866
change-id: 20240415-kgdb_read_refactor-2ea2dfc15dbb
Best regards,
--
Daniel Thompson <daniel.thompson@linaro.org>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/7] kdb: Fix buffer overflow during tab-complete
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
@ 2024-04-16 10:43 ` Daniel Thompson
2024-04-16 10:43 ` [PATCH 2/7] kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson
Cc: kgdb-bugreport, linux-kernel, Justin Stitt, stable
Currently, when the user attempts symbol completion with the Tab key, kdb
will use strncpy() to insert the completed symbol into the command buffer.
Unfortunately it passes the size of the source buffer rather than the
destination to strncpy() with predictably horrible results. Most obviously
if the command buffer is already full but cp, the cursor position, is in
the middle of the buffer, then we will write past the end of the supplied
buffer.
Fix this by replacing the dubious strncpy() calls with memmove()/memcpy()
calls plus explicit boundary checks to make sure we have enough space
before we start moving characters around.
Reported-by: Justin Stitt <justinstitt@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
kernel/debug/kdb/kdb_io.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index 9443bc63c5a24..06dfbccb10336 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -367,14 +367,19 @@ static char *kdb_read(char *buffer, size_t bufsize)
kdb_printf(kdb_prompt_str);
kdb_printf("%s", buffer);
} else if (tab != 2 && count > 0) {
- len_tmp = strlen(p_tmp);
- strncpy(p_tmp+len_tmp, cp, lastchar-cp+1);
- len_tmp = strlen(p_tmp);
- strncpy(cp, p_tmp+len, len_tmp-len + 1);
- len = len_tmp - len;
- kdb_printf("%s", cp);
- cp += len;
- lastchar += len;
+ /* How many new characters do we want from tmpbuffer? */
+ len_tmp = strlen(p_tmp) - len;
+ if (lastchar + len_tmp >= bufend)
+ len_tmp = bufend - lastchar;
+
+ if (len_tmp) {
+ /* + 1 ensures the '\0' is memmove'd */
+ memmove(cp+len_tmp, cp, (lastchar-cp) + 1);
+ memcpy(cp, p_tmp+len, len_tmp);
+ kdb_printf("%s", cp);
+ cp += len_tmp;
+ lastchar += len_tmp;
+ }
}
kdb_nextline = 1; /* reset output line number */
break;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/7] kdb: Use format-strings rather than '\0' injection in kdb_read()
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
2024-04-16 10:43 ` [PATCH 1/7] kdb: Fix buffer overflow during tab-complete Daniel Thompson
@ 2024-04-16 10:43 ` Daniel Thompson
2024-04-16 10:43 ` [PATCH 3/7] kdb: Fix console handling when editing and tab-completing commands Daniel Thompson
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson; +Cc: kgdb-bugreport, linux-kernel, stable
Currently when kdb_read() needs to reposition the cursor it uses copy and
paste code that works by injecting an '\0' at the cursor position before
delivering a carriage-return and reprinting the line (which stops at the
'\0').
Tidy up the code by hoisting the copy and paste code into an appropriately
named function. Additionally let's replace the '\0' injection with a
proper field width parameter so that the string will be abridged during
formatting instead.
Cc: stable@vger.kernel.org # Not a bug fix but it is needed for later bug fixes
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
kernel/debug/kdb/kdb_io.c | 34 ++++++++++++++--------------------
1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index 06dfbccb10336..a42607e4d1aba 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -184,6 +184,13 @@ char kdb_getchar(void)
unreachable();
}
+static void kdb_position_cursor(char *prompt, char *buffer, char *cp)
+{
+ kdb_printf("\r%s", kdb_prompt_str);
+ if (cp > buffer)
+ kdb_printf("%.*s", (int)(cp - buffer), buffer);
+}
+
/*
* kdb_read
*
@@ -249,12 +256,8 @@ static char *kdb_read(char *buffer, size_t bufsize)
}
*(--lastchar) = '\0';
--cp;
- kdb_printf("\b%s \r", cp);
- tmp = *cp;
- *cp = '\0';
- kdb_printf(kdb_prompt_str);
- kdb_printf("%s", buffer);
- *cp = tmp;
+ kdb_printf("\b%s ", cp);
+ kdb_position_cursor(kdb_prompt_str, buffer, cp);
}
break;
case 10: /* linefeed */
@@ -272,19 +275,14 @@ static char *kdb_read(char *buffer, size_t bufsize)
memcpy(tmpbuffer, cp+1, lastchar - cp - 1);
memcpy(cp, tmpbuffer, lastchar - cp - 1);
*(--lastchar) = '\0';
- kdb_printf("%s \r", cp);
- tmp = *cp;
- *cp = '\0';
- kdb_printf(kdb_prompt_str);
- kdb_printf("%s", buffer);
- *cp = tmp;
+ kdb_printf("%s ", cp);
+ kdb_position_cursor(kdb_prompt_str, buffer, cp);
}
break;
case 1: /* Home */
if (cp > buffer) {
- kdb_printf("\r");
- kdb_printf(kdb_prompt_str);
cp = buffer;
+ kdb_position_cursor(kdb_prompt_str, buffer, cp);
}
break;
case 5: /* End */
@@ -390,13 +388,9 @@ static char *kdb_read(char *buffer, size_t bufsize)
memcpy(cp+1, tmpbuffer, lastchar - cp);
*++lastchar = '\0';
*cp = key;
- kdb_printf("%s\r", cp);
+ kdb_printf("%s", cp);
++cp;
- tmp = *cp;
- *cp = '\0';
- kdb_printf(kdb_prompt_str);
- kdb_printf("%s", buffer);
- *cp = tmp;
+ kdb_position_cursor(kdb_prompt_str, buffer, cp);
} else {
*++lastchar = '\0';
*cp++ = key;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 3/7] kdb: Fix console handling when editing and tab-completing commands
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
2024-04-16 10:43 ` [PATCH 1/7] kdb: Fix buffer overflow during tab-complete Daniel Thompson
2024-04-16 10:43 ` [PATCH 2/7] kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson
@ 2024-04-16 10:43 ` Daniel Thompson
2024-04-16 10:43 ` [PATCH 4/7] kdb: Replace double memcpy() with memmove() in kdb_read() Daniel Thompson
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson; +Cc: kgdb-bugreport, linux-kernel, stable
Currently, if the cursor position is not at the end of the command buffer
and the user uses the Tab-complete functions, then the console does not
leave the cursor in the correct position.
For example consider the following buffer with the cursor positioned
at the ^:
md kdb_pro 10
^
Pressing tab should result in:
md kdb_prompt_str 10
^
However this does not happen. Instead the cursor is placed at the end
(after then 10) and further cursor movement redraws incorrectly. The
same problem exists when we double-Tab but in a different part of the
code.
Fix this by sending a carriage return and then redisplaying the text to
the left of the cursor.
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
kernel/debug/kdb/kdb_io.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index a42607e4d1aba..69549fe42e87b 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -364,6 +364,8 @@ static char *kdb_read(char *buffer, size_t bufsize)
kdb_printf("\n");
kdb_printf(kdb_prompt_str);
kdb_printf("%s", buffer);
+ if (cp != lastchar)
+ kdb_position_cursor(kdb_prompt_str, buffer, cp);
} else if (tab != 2 && count > 0) {
/* How many new characters do we want from tmpbuffer? */
len_tmp = strlen(p_tmp) - len;
@@ -377,6 +379,9 @@ static char *kdb_read(char *buffer, size_t bufsize)
kdb_printf("%s", cp);
cp += len_tmp;
lastchar += len_tmp;
+ if (cp != lastchar)
+ kdb_position_cursor(kdb_prompt_str,
+ buffer, cp);
}
}
kdb_nextline = 1; /* reset output line number */
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 4/7] kdb: Replace double memcpy() with memmove() in kdb_read()
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
` (2 preceding siblings ...)
2024-04-16 10:43 ` [PATCH 3/7] kdb: Fix console handling when editing and tab-completing commands Daniel Thompson
@ 2024-04-16 10:43 ` Daniel Thompson
2024-04-16 10:43 ` [PATCH 5/7] kdb: Merge identical case statements " Daniel Thompson
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson; +Cc: kgdb-bugreport, linux-kernel
At several points in kdb_read() there are variants of the following
code pattern (with offsets slightly altered):
memcpy(tmpbuffer, cp, lastchar - cp);
memcpy(cp-1, tmpbuffer, lastchar - cp);
*(--lastchar) = '\0';
There is no need to use tmpbuffer here, since we can use memmove() instead
so refactor in the obvious way. Additionally the strings that are being
copied are already properly terminated so let's also change the code so
that the library calls also move the terminator.
Changing how the terminators are managed has no functional effect for now
but might allow us to retire lastchar at a later point. lastchar, although
stored as a pointer, is functionally equivalent to caching strlen(buffer).
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
kernel/debug/kdb/kdb_io.c | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index 69549fe42e87b..df7b5eb52d74f 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -250,12 +250,9 @@ static char *kdb_read(char *buffer, size_t bufsize)
switch (key) {
case 8: /* backspace */
if (cp > buffer) {
- if (cp < lastchar) {
- memcpy(tmpbuffer, cp, lastchar - cp);
- memcpy(cp-1, tmpbuffer, lastchar - cp);
- }
- *(--lastchar) = '\0';
- --cp;
+ memmove(cp-1, cp, lastchar - cp + 1);
+ lastchar--;
+ cp--;
kdb_printf("\b%s ", cp);
kdb_position_cursor(kdb_prompt_str, buffer, cp);
}
@@ -272,9 +269,8 @@ static char *kdb_read(char *buffer, size_t bufsize)
return buffer;
case 4: /* Del */
if (cp < lastchar) {
- memcpy(tmpbuffer, cp+1, lastchar - cp - 1);
- memcpy(cp, tmpbuffer, lastchar - cp - 1);
- *(--lastchar) = '\0';
+ memmove(cp, cp+1, lastchar - cp);
+ lastchar--;
kdb_printf("%s ", cp);
kdb_position_cursor(kdb_prompt_str, buffer, cp);
}
@@ -389,9 +385,8 @@ static char *kdb_read(char *buffer, size_t bufsize)
default:
if (key >= 32 && lastchar < bufend) {
if (cp < lastchar) {
- memcpy(tmpbuffer, cp, lastchar - cp);
- memcpy(cp+1, tmpbuffer, lastchar - cp);
- *++lastchar = '\0';
+ memmove(cp+1, cp, lastchar - cp + 1);
+ lastchar++;
*cp = key;
kdb_printf("%s", cp);
++cp;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 5/7] kdb: Merge identical case statements in kdb_read()
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
` (3 preceding siblings ...)
2024-04-16 10:43 ` [PATCH 4/7] kdb: Replace double memcpy() with memmove() in kdb_read() Daniel Thompson
@ 2024-04-16 10:43 ` Daniel Thompson
2024-04-16 10:43 ` [PATCH 6/7] kdb: Use format-specifiers rather than memset() for padding " Daniel Thompson
2024-04-16 10:43 ` [PATCH 7/7] kdb: Simplify management of tmpbuffer " Daniel Thompson
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson; +Cc: kgdb-bugreport, linux-kernel
The code that handles case 14 (down) and case 16 (up) has been copy and
pasted despite being byte-for-byte identical. Combine them.
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
kernel/debug/kdb/kdb_io.c | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index df7b5eb52d74f..08a86a329eb64 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -294,6 +294,7 @@ static char *kdb_read(char *buffer, size_t bufsize)
}
break;
case 14: /* Down */
+ case 16: /* Up */
memset(tmpbuffer, ' ',
strlen(kdb_prompt_str) + (lastchar-buffer));
*(tmpbuffer+strlen(kdb_prompt_str) +
@@ -308,15 +309,6 @@ static char *kdb_read(char *buffer, size_t bufsize)
++cp;
}
break;
- case 16: /* Up */
- memset(tmpbuffer, ' ',
- strlen(kdb_prompt_str) + (lastchar-buffer));
- *(tmpbuffer+strlen(kdb_prompt_str) +
- (lastchar-buffer)) = '\0';
- kdb_printf("\r%s\r", tmpbuffer);
- *lastchar = (char)key;
- *(lastchar+1) = '\0';
- return lastchar;
case 9: /* Tab */
if (tab < 2)
++tab;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 6/7] kdb: Use format-specifiers rather than memset() for padding in kdb_read()
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
` (4 preceding siblings ...)
2024-04-16 10:43 ` [PATCH 5/7] kdb: Merge identical case statements " Daniel Thompson
@ 2024-04-16 10:43 ` Daniel Thompson
2024-04-16 10:43 ` [PATCH 7/7] kdb: Simplify management of tmpbuffer " Daniel Thompson
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson; +Cc: kgdb-bugreport, linux-kernel
Currently when the current line should be removed from the display
kdb_read() uses memset() to fill a temporary buffer with spaces.
This can be trivially implemented using a format string. Make it so!
Note that this also simplifies the code by making the tab-completion
code the only code that uses tmpbuffer (and therefore makes reviewing
to ensure tmpbuffer can never overflow much easier).
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
kernel/debug/kdb/kdb_io.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index 08a86a329eb64..94a638a9d52fa 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -295,11 +295,9 @@ static char *kdb_read(char *buffer, size_t bufsize)
break;
case 14: /* Down */
case 16: /* Up */
- memset(tmpbuffer, ' ',
- strlen(kdb_prompt_str) + (lastchar-buffer));
- *(tmpbuffer+strlen(kdb_prompt_str) +
- (lastchar-buffer)) = '\0';
- kdb_printf("\r%s\r", tmpbuffer);
+ kdb_printf("\r%*c\r",
+ (int)(strlen(kdb_prompt_str) + (lastchar - buffer)),
+ ' ');
*lastchar = (char)key;
*(lastchar+1) = '\0';
return lastchar;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 7/7] kdb: Simplify management of tmpbuffer in kdb_read()
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
` (5 preceding siblings ...)
2024-04-16 10:43 ` [PATCH 6/7] kdb: Use format-specifiers rather than memset() for padding " Daniel Thompson
@ 2024-04-16 10:43 ` Daniel Thompson
6 siblings, 0 replies; 8+ messages in thread
From: Daniel Thompson @ 2024-04-16 10:43 UTC (permalink / raw
To: Jason Wessel, Douglas Anderson; +Cc: kgdb-bugreport, linux-kernel
The current approach to filling tmpbuffer with completion candidates is
confusing, with the buffer management being especially hard to reason
about. That's because it doesn't copy the completion canidate into
tmpbuffer, instead of copies a whole bunch of other nonsense and then
runs the completion stearch from the middle of tmpbuffer!
Change this to copy nothing but the completion candidate into tmpbuffer.
Pretty much everything else in this patch is renaming to reflect the
above change:
s/p_tmp/tmpbuffer/
s/buf_size/sizeof(tmpbuffer)/
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
kernel/debug/kdb/kdb_io.c | 40 +++++++++++++++++-----------------------
1 file changed, 17 insertions(+), 23 deletions(-)
diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
index 94a638a9d52fa..640208675c9a8 100644
--- a/kernel/debug/kdb/kdb_io.c
+++ b/kernel/debug/kdb/kdb_io.c
@@ -227,8 +227,7 @@ static char *kdb_read(char *buffer, size_t bufsize)
int count;
int i;
int diag, dtab_count;
- int key, buf_size, ret;
-
+ int key, ret;
diag = kdbgetintenv("DTABCOUNT", &dtab_count);
if (diag)
@@ -310,21 +309,16 @@ static char *kdb_read(char *buffer, size_t bufsize)
case 9: /* Tab */
if (tab < 2)
++tab;
- p_tmp = buffer;
- while (*p_tmp == ' ')
- p_tmp++;
- if (p_tmp > cp)
- break;
- memcpy(tmpbuffer, p_tmp, cp-p_tmp);
- *(tmpbuffer + (cp-p_tmp)) = '\0';
- p_tmp = strrchr(tmpbuffer, ' ');
- if (p_tmp)
- ++p_tmp;
- else
- p_tmp = tmpbuffer;
- len = strlen(p_tmp);
- buf_size = sizeof(tmpbuffer) - (p_tmp - tmpbuffer);
- count = kallsyms_symbol_complete(p_tmp, buf_size);
+
+ tmp = *cp;
+ *cp = '\0';
+ p_tmp = strrchr(buffer, ' ');
+ p_tmp = (p_tmp ? p_tmp + 1 : buffer);
+ strscpy(tmpbuffer, p_tmp, sizeof(tmpbuffer));
+ *cp = tmp;
+
+ len = strlen(tmpbuffer);
+ count = kallsyms_symbol_complete(tmpbuffer, sizeof(tmpbuffer));
if (tab == 2 && count > 0) {
kdb_printf("\n%d symbols are found.", count);
if (count > dtab_count) {
@@ -336,14 +330,14 @@ static char *kdb_read(char *buffer, size_t bufsize)
}
kdb_printf("\n");
for (i = 0; i < count; i++) {
- ret = kallsyms_symbol_next(p_tmp, i, buf_size);
+ ret = kallsyms_symbol_next(tmpbuffer, i, sizeof(tmpbuffer));
if (WARN_ON(!ret))
break;
if (ret != -E2BIG)
- kdb_printf("%s ", p_tmp);
+ kdb_printf("%s ", tmpbuffer);
else
- kdb_printf("%s... ", p_tmp);
- *(p_tmp + len) = '\0';
+ kdb_printf("%s... ", tmpbuffer);
+ tmpbuffer[len] = '\0';
}
if (i >= dtab_count)
kdb_printf("...");
@@ -354,14 +348,14 @@ static char *kdb_read(char *buffer, size_t bufsize)
kdb_position_cursor(kdb_prompt_str, buffer, cp);
} else if (tab != 2 && count > 0) {
/* How many new characters do we want from tmpbuffer? */
- len_tmp = strlen(p_tmp) - len;
+ len_tmp = strlen(tmpbuffer) - len;
if (lastchar + len_tmp >= bufend)
len_tmp = bufend - lastchar;
if (len_tmp) {
/* + 1 ensures the '\0' is memmove'd */
memmove(cp+len_tmp, cp, (lastchar-cp) + 1);
- memcpy(cp, p_tmp+len, len_tmp);
+ memcpy(cp, tmpbuffer+len, len_tmp);
kdb_printf("%s", cp);
cp += len_tmp;
lastchar += len_tmp;
--
2.43.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-04-16 10:45 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-16 10:43 [PATCH 0/7] kdb: Refactor and fix bugs in kdb_read() Daniel Thompson
2024-04-16 10:43 ` [PATCH 1/7] kdb: Fix buffer overflow during tab-complete Daniel Thompson
2024-04-16 10:43 ` [PATCH 2/7] kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson
2024-04-16 10:43 ` [PATCH 3/7] kdb: Fix console handling when editing and tab-completing commands Daniel Thompson
2024-04-16 10:43 ` [PATCH 4/7] kdb: Replace double memcpy() with memmove() in kdb_read() Daniel Thompson
2024-04-16 10:43 ` [PATCH 5/7] kdb: Merge identical case statements " Daniel Thompson
2024-04-16 10:43 ` [PATCH 6/7] kdb: Use format-specifiers rather than memset() for padding " Daniel Thompson
2024-04-16 10:43 ` [PATCH 7/7] kdb: Simplify management of tmpbuffer " Daniel Thompson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.