lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87tx2de08u.fsf@rasmusvillemoes.dk>
Date:	Wed, 05 Nov 2014 23:44:17 +0100
From:	Rasmus Villemoes <linux@...musvillemoes.dk>
To:	Steven Rostedt <rostedt@...dmis.org>
Cc:	Julia Lawall <Julia.Lawall@...6.fr>,
	Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/6] trace: Replace seq_printf by simpler equivalents

On Wed, Nov 05 2014, Steven Rostedt <rostedt@...dmis.org> wrote:

> On Fri, 12 Sep 2014 11:25:52 +0200
> Rasmus Villemoes <linux@...musvillemoes.dk> wrote:
>
>> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
>> index 5916a8e..7b9ce28 100644
>> --- a/kernel/trace/ftrace.c
>> +++ b/kernel/trace/ftrace.c
>> @@ -556,13 +556,13 @@ static int function_stat_cmp(void *p1, void *p2)
>>  static int function_stat_headers(struct seq_file *m)
>>  {
>>  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
>> -	seq_printf(m, "  Function                               "
>> -		   "Hit    Time            Avg             s^2\n"
>> -		      "  --------                               "
>> -		   "---    ----            ---             ---\n");
>> +	seq_puts(m,
>> +		 "  Function                               " "Hit    Time            Avg             s^2\n"
>> +		 "  --------                               " "---    ----            ---             ---\n");
>
> Please keep the original format. I know that it's considered bad form
> to split strings like this, but I consider this one of the exceptions
> to the rule.

OK. Want me to resend?

>> @@ -3250,7 +3250,7 @@ static int t_show(struct seq_file *m, void *v)
>>  	if (!t)
>>  		return 0;
>>  
>> -	seq_printf(m, "%s", t->name);
>> +	seq_puts(m, t->name);
>
> This is wrong and dangerous.
>
> What happens if "t->name" contains "%d" or "%s"?

Then those characters will be printed to the seq_file, just as they
would previously? puts doesn't interpret its string argument in any
way...

>> --- a/kernel/trace/trace_events_trigger.c
>> +++ b/kernel/trace/trace_events_trigger.c
>> @@ -373,7 +373,7 @@ event_trigger_print(const char *name, struct seq_file *m,
>>  {
>>  	long count = (long)data;
>>  
>> -	seq_printf(m, "%s", name);
>> +	seq_puts(m, name);
>
> Again, this is wrong and dangerous.

I'm pretty sure it's neither :-)

Rasmus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ