| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9f8351f9-7664-8c96-9c37-a6e86efc9643@wanadoo.fr>
Date: Mon, 23 Mar 2020 13:08:47 +0100
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: peterz@...radead.org, mingo@...hat.com, acme@...nel.org,
mark.rutland@....com, alexander.shishkin@...ux.intel.com,
jolsa@...hat.com, namhyung@...nel.org, kan.liang@...ux.intel.com,
zhe.he@...driver.com, dzickus@...hat.com, jstancek@...hat.com,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] perf cpumap: Use scnprintf instead of snprintf
Le 23/03/2020 à 12:03, Dan Carpenter a écrit :
> On Sun, Mar 22, 2020 at 06:25:23PM +0100, Christophe JAILLET wrote:
>> 'scnprintf' returns the number of characters written in the output buffer
>> excluding the trailing '\0', instead of the number of characters which
>> would be generated for the given input.
>>
>> Both function return a number of characters, excluding the trailing '\0'.
>> So comparaison to check if it overflows, should be done against max_size-1.
>> Comparaison against max_size can never match.
>>
>> Fixes: 7780c25bae59f ("perf tools: Allow ability to map cpus to nodes easily")
>> Fixes: a24020e6b7cf6 ("perf tools: Change cpu_map__fprintf output")
>> Fixes: 92a7e1278005b ("perf cpumap: Add cpu__max_present_cpu()")
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>> ---
>> tools/perf/util/cpumap.c | 39 ++++++++++++++++++++-------------------
>> 1 file changed, 20 insertions(+), 19 deletions(-)
>>
>> diff --git a/tools/perf/util/cpumap.c b/tools/perf/util/cpumap.c
>> index 983b7388f22b..b87e7ef4d130 100644
>> --- a/tools/perf/util/cpumap.c
>> +++ b/tools/perf/util/cpumap.c
>> @@ -316,8 +316,8 @@ static void set_max_cpu_num(void)
>> goto out;
>>
>> /* get the highest possible cpu number for a sparse allocation */
>> - ret = snprintf(path, PATH_MAX, "%s/devices/system/cpu/possible", mnt);
>> - if (ret == PATH_MAX) {
>> + ret = scnprintf(path, PATH_MAX, "%s/devices/system/cpu/possible", mnt);
>> + if (ret == PATH_MAX-1) {
> This should be a static analysis warning.
>
> But isn't this stuff userspace? I can't figure out how to compile it on
> Debian so I'm not sure. There is no scnprintf() in user space.
>
> regards,
> dan carpenter
I compiled it with:
make tools/perf
the cpumap.o is generated and if I introduce an error,
'scn<SPACE>printf' for example, gcc triggers a built error.
I though it was enough to validate the patch, before sending it.
Anyway, keeping 'snprintf' could be better to check for the overflow,
but 'if (ret == PATH_MAX)' should be turned in 'if (ret >= PATH_MAX)'.
If agreed, I can send a V2.
CJ
Powered by blists - more mailing lists