[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240315-snprintf-checkpatch-v3-1-a451e7664306@google.com>
Date: Fri, 15 Mar 2024 20:09:11 +0000
From: Justin Stitt <justinstitt@...gle.com>
To: Andy Whitcroft <apw@...onical.com>, Joe Perches <joe@...ches.com>,
Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>
Cc: linux-kernel@...r.kernel.org, Lee Jones <lee@...nel.org>,
linux-hardening@...r.kernel.org, Kees Cook <keescook@...omium.org>,
Finn Thain <fthain@...ux-m68k.org>, Justin Stitt <justinstitt@...gle.com>
Subject: [PATCH v3] checkpatch: add check for snprintf to scnprintf
I am going to quote Lee Jones who has been doing some snprintf ->
scnprintf refactorings:
"There is a general misunderstanding amongst engineers that
{v}snprintf() returns the length of the data *actually* encoded into the
destination array. However, as per the C99 standard {v}snprintf()
really returns the length of the data that *would have been* written if
there were enough space for it. This misunderstanding has led to
buffer-overruns in the past. It's generally considered safer to use the
{v}scnprintf() variants in their place (or even sprintf() in simple
cases). So let's do that."
To help prevent new instances of snprintf() from popping up, let's add a
check to checkpatch.pl.
Suggested-by: Finn Thain <fthain@...ux-m68k.org>
Signed-off-by: Justin Stitt <justinstitt@...gle.com>
---
Changes in v3:
- fix indentation
- add reference link (https://github.com/KSPP/linux/issues/105) (thanks Joe)
- Link to v2: https://lore.kernel.org/r/20240221-snprintf-checkpatch-v2-1-9baeb59dae30@google.com
Changes in v2:
- Had a vim moment and deleted a character before sending the patch.
- Replaced the character :)
- Link to v1: https://lore.kernel.org/r/20240221-snprintf-checkpatch-v1-1-3ac5025b5961@google.com
---
>From a discussion here [1].
[1]: https://lore.kernel.org/all/0f9c95f9-2c14-eee6-7faf-635880edcea4@linux-m68k.org/
---
scripts/checkpatch.pl | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 9c4c4a61bc83..69dfb7412014 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -7012,6 +7012,12 @@ sub process {
"Prefer strscpy, strscpy_pad, or __nonstring over strncpy - see: https://github.com/KSPP/linux/issues/90\n" . $herecurr);
}
+# snprintf uses that should likely be {v}scnprintf
+ if ($line =~ /\bsnprintf\s*\(\s*/) {
+ WARN("SNPRINTF",
+ "Prefer scnprintf over snprintf - see: https://github.com/KSPP/linux/issues/105\n" . $herecurr);
+ }
+
# ethtool_sprintf uses that should likely be ethtool_puts
if ($line =~ /\bethtool_sprintf\s*\(\s*$FuncArg\s*,\s*$FuncArg\s*\)/) {
if (WARN("PREFER_ETHTOOL_PUTS",
---
base-commit: b401b621758e46812da61fa58a67c3fd8d91de0d
change-id: 20240221-snprintf-checkpatch-a864ed67ebd0
Best regards,
--
Justin Stitt <justinstitt@...gle.com>
Powered by blists - more mailing lists