[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20170904142916.7a67428f@blatinox-laptop.localdomain>
Date: Mon, 4 Sep 2017 14:29:16 -0400
From: Jérémy Lefaure <jeremy.lefaure@....epita.fr>
To: Arnd Bergmann <arnd@...db.de>,
Andrew Morton <akpm@...ux-foundation.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
David Howells <dhowells@...hat.com>
Cc: linux-cachefs@...hat.com, linux-kernel@...r.kernel.org,
dhowells@...hat.com
Subject: Re: [PATCH 21/22] fscache: fix fscache_objlist_show format
processing
> gcc points out a minor bug in the handling of unknown
> cookie types, which could result in a string overflow
> when the integer is copied into a 3-byte string:
>
> fs/fscache/object-list.c: In function 'fscache_objlist_show':
> fs/fscache/object-list.c:265:19: error: 'sprintf' may write a
> terminating nul past the end of the destination
> [-Werror=format-overflow=] sprintf(_type, "%02u", cookie->def->type);
> ^~~~~~ fs/fscache/object-list.c:265:4: note: 'sprintf' output between
> 3 and 4 bytes into a destination of size 3
>
> This is currently harmless as no code sets a type other
> than 0 or 1, but it makes sense to use snprintf() here
> to avoid overflowing the array if that changes.
>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
Hi,
I sent a patch to fix this issue in April [1]. It was accepted by David
Howells [2]. I don't know why it wasn't upstreamed.
> fs/fscache/object-list.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/fscache/object-list.c b/fs/fscache/object-list.c
> index 67f940892ef8..b5ab06fabc60 100644
> --- a/fs/fscache/object-list.c
> +++ b/fs/fscache/object-list.c
> @@ -262,7 +262,8 @@ static int fscache_objlist_show(struct seq_file
> *m, void *v) type = "DT";
> break;
> default:
> - sprintf(_type, "%02u", cookie->def->type);
> + snprintf(_type, sizeof(_type), "%02u",
> + cookie->def->type);
> type = _type;
> break;
> }
In my patch I didn't use snprintf (which is fine) but I used the
hexadecimal value (as it is in the documentation [3]). Is it too late
to change this patch ? If it is, I can send a patch to use an hex value.
Thank you,
Jérémy
[1]: https://marc.info/?l=linux-kernel&m=149263432022839&w=4
[2]: https://marc.info/?l=linux-kernel&m=149330544916184&w=4
[3]: see Documentation/filesystems/caching/fscache.txt
Powered by blists - more mailing lists