On 29/10/17(Sun) 12:05, Helg Bredow wrote:
> > > [...]
> > > + } else if (strchr(o->templ, '%') == NULL) {
> > > + *((int *)(data + o->off)) = o->val;
> >
> > Are you sure you can simply dereference "data + o->off" w/o sanity check?
>
> I don't know what sanity checks we can apply here. We are relying on the fuse
> file system to have supplied the correct offset into the struct. What's the
> worst that can happen? A badly written file system crashes? I'm happy to
> receive advice on how to make this more robust.
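Review bot: the store `*((int *)(data + o->off)) = o->val` in the `strchr(o->templ, '%') == NULL` branch writes sizeof(int) bytes at a table-supplied offset with no check that `o->off + sizeof(int)` lies inside `data`, so a wrong table entry is an out-of-bounds write into the caller's memory rather than only a crash. Nothing in this branch can validate the offset because fuse_opt_parse() is not told how long `data` is; threading a length of `data` through to this point (at least for the internal callers) would let the branch reject out-of-range offsets instead of trusting the file system's table.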
One solution to explore would be to introduce a new argument to fuse_opt_parse() corresponding to the length of data. I don't know how much code could benefit from this since fuse_opt_parse() is a public API. However, internal calls like in fuse_parse_cmdline() could already make use of it.

Anyway your diff is ok

mpi@
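A bounds-checked form of the assignment discussed in this thread, as an added example that is not part of the thread or of the libfuse code: it takes the data-length argument mpi@ suggests and refuses any table entry whose int would not fit inside the caller's struct. The `opt_tmpl` and `mount_cfg` types and the function names are constructed stand-ins, not libfuse's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical table entry mirroring the fields in the quoted hunk:
 * template, offset into the caller's struct, value stored when no '%'. */
struct opt_tmpl {
	const char *templ;
	size_t off;
	int val;
};

/* Constructed caller struct that the table offsets point into. */
struct mount_cfg { int debug; int foreground; };

/* Bounded form of the assignment under review: store o->val at data + o->off
 * only when the whole int fits within data_len bytes. 1 = stored, 0 = refused. */
int set_opt_bounded(void *data, size_t data_len, const struct opt_tmpl *o)
{
	if (strchr(o->templ, '%') != NULL)
		return 0;	/* takes an argument; not a plain flag */
	if (o->off > data_len || data_len - o->off < sizeof(int))
		return 0;	/* would write past the end of data */
	memcpy((char *)data + o->off, &o->val, sizeof(int));
	return 1;
}

/* Constructed self-check: in-range entry applied, entry straddling the end
 * of the struct refused, '%' template left alone. Returns 1 if all hold. */
int bounded_setter_selftest(void)
{
	struct mount_cfg c;
	const struct opt_tmpl in_range  = { "debug",  offsetof(struct mount_cfg, debug), 1 };
	const struct opt_tmpl past_end  = { "bogus",  sizeof(struct mount_cfg) - 1, 1 };
	const struct opt_tmpl takes_arg = { "uid=%d", offsetof(struct mount_cfg, foreground), 7 };
	memset(&c, 0, sizeof(c));
	if (set_opt_bounded(&c, sizeof(c), &in_range) != 1 || c.debug != 1)
		return 0;
	if (set_opt_bounded(&c, sizeof(c), &past_end) != 0)
		return 0;
	if (set_opt_bounded(&c, sizeof(c), &takes_arg) != 0 || c.foreground != 0)
		return 0;
	return 1;
}

int main(void)
{
	printf("bounded setter self-test: %s\n", bounded_setter_selftest() ? "ok" : "FAILED");
	return 0;
}
```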