| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHp75VckekMWgJOfd1z1ZezGs5RZ3PpymObb49FtikED1T62Eg@mail.gmail.com>
Date: Wed, 9 Mar 2016 08:49:27 +0200
From: Andy Shevchenko <andy.shevchenko@...il.com>
To: Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
linux-input <linux-input@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC 2/7] Input: joystick - avoid fragile snprintf use
On Tue, Mar 8, 2016 at 10:40 PM, Rasmus Villemoes
<linux@...musvillemoes.dk> wrote:
> Passing overlapping src and dst buffers to snprintf is fragile, and
> while it currently works for the special case of passing dst as the
> argument corresponding to an initial "%s" in the format string, any
> other use would very likely lead to chaos. It's easy enough to avoid,
> so let's do that.
> static void analog_name(struct analog *analog)
> {
> - snprintf(analog->name, sizeof(analog->name), "Analog %d-axis %d-button",
> + int ret = 0;
Assignment is not needed.
> +
> + ret = scnprintf(analog->name, sizeof(analog->name), "Analog %d-axis %d-button",
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists