lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <4e3ad74b0c9dc229b06018a2d79655308ddbbebd.1484014173.git.joe@perches.com>
Date:   Mon,  9 Jan 2017 18:11:26 -0800
From:   Joe Perches <joe@...ches.com>
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Andy Whitcroft <apw@...onical.com>
Cc:     Alexey Dobriyan <adobriyan@...il.com>, linux-kernel@...r.kernel.org
Subject: [PATCH] checkpatch: warn when formats use %Z and suggest %z

From: Alexey Dobriyan <adobriyan@...il.com>

vsnprintf extension %Z<foo> is non-standard C.
Suggest the use of %z instead.

Miscellanea:

o Correct the misuse of type string PRINTF_0xDECIMAL
  type strings are supposed to be uppercase only.
  Fix this and add tr/[a-z]/[A-Z] to the type check in case
  I forget this again sometime in the future.
o Improve the mechanism to find these defects so all
  3 current checks are done on the format string

Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>
Signed-off-by: Joe Perches <joe@...ches.com>
---

I'll assume Alexey is OK with this modification to the patch he created.

 scripts/checkpatch.pl | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 99babcdf1dd8..89a7ad69d4fe 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -1848,6 +1848,8 @@ my $prefix = '';
 sub show_type {
 	my ($type) = @_;
 
+	$type =~ tr/[a-z]/[A-Z]/;
+
 	return defined $use_type{$type} if (scalar keys %use_type > 0);
 
 	return !defined $ignore_type{$type};
@@ -5179,24 +5181,27 @@ sub process {
 			     "Consecutive strings are generally better as a single string\n" . $herecurr);
 		}
 
-# check for %L{u,d,i} and 0x%[udi] in strings
-		my $string;
+# check for non-standard and hex prefixed decimal printf formats
+		my $show_L = 1;	#don't show the same defect twice
+		my $show_Z = 1;
 		while ($line =~ /(?:^|")([X\t]*)(?:"|$)/g) {
-			$string = substr($rawline, $-[1], $+[1] - $-[1]);
+			my $string = substr($rawline, $-[1], $+[1] - $-[1]);
 			$string =~ s/%%/__/g;
-			if ($string =~ /(?<!%)%[\*\d\.\$]*L[udi]/) {
+			# check for %L
+			if ($show_L && $string =~ /%[\*\d\.\$]*L([diouxX])/) {
 				WARN("PRINTF_L",
-				     "\%Ld/%Lu are not-standard C, use %lld/%llu\n" . $herecurr);
-				last;
+				     "\%L$1 is non-standard C, use %ll$1\n" . $herecurr);
+				$show_L = 0;
 			}
 			# check for %Z
-			if ($string =~ /(?<!%)%[\*\d\.\$]*Z[diouxX]/) {
+			if ($show_Z && $string =~ /%[\*\d\.\$]*Z([diouxX])/) {
 				WARN("PRINTF_Z",
-				     "%Z is non-standard C, use %z\n" . $herecurr);
-				last;
+				     "%Z$1 is non-standard C, use %z$1\n" . $herecurr);
+				$show_Z = 0;
 			}
-			if ($string =~ /0x%[\*\d\.\$\Llzth]*[udi]/) {
-				ERROR("PRINTF_0xDECIMAL",
+			# check for 0x<decimal>
+			if ($string =~ /0x%[\*\d\.\$\Llzth]*[diou]/) {
+				ERROR("PRINTF_0XDECIMAL",
 				      "Prefixing 0x with decimal output is defective\n" . $herecurr);
 			}
 		}
-- 
2.10.0.rc2.1.g053435c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ