| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Sep 2020 14:08:43 +0200 (CEST)
From: Julia Lawall <julia.lawall@...ia.fr>
To: Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>
cc: kernel test robot <lkp@...el.com>,
Denis Efremov <efremov@...ux.com>, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org,
Daniel Vetter <daniel.vetter@...ll.ch>,
Nathan Chancellor <natechancellor@...il.com>,
Sam Ravnborg <sam@...nborg.org>,
Alex Deucher <alexander.deucher@....com>,
Qiujun Huang <hqjagain@...il.com>,
Peter Rosin <peda@...ntia.se>, dri-devel@...ts.freedesktop.org
Subject: Re: [kbuild-all] Re: [PATCH] coccinelle: api: fix device_attr_show.cocci
warnings
On Tue, 8 Sep 2020, Bartlomiej Zolnierkiewicz wrote:
>
> Hi,
>
> On 8/10/20 11:21 AM, kernel test robot wrote:
> > From: kernel test robot <lkp@...el.com>
> >
> > drivers/video/fbdev/core/fbcon.c:3509:8-16: WARNING: use scnprintf or sprintf
> > drivers/video/fbdev/core/fbcon.c:3484:8-16: WARNING: use scnprintf or sprintf
> >
> >
> > From Documentation/filesystems/sysfs.txt:
> > show() must not use snprintf() when formatting the value to be
> > returned to user space. If you can guarantee that an overflow
> > will never happen you can use sprintf() otherwise you must use
> > scnprintf().
> >
> > Generated by: scripts/coccinelle/api/device_attr_show.cocci
> >
> > Fixes: abfc19ff202d ("coccinelle: api: add device_attr_show script")
> > CC: Denis Efremov <efremov@...ux.com>
> > Signed-off-by: kernel test robot <lkp@...el.com>
> > ---
> >
> > tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > head: fc80c51fd4b23ec007e88d4c688f2cac1b8648e7
> > commit: abfc19ff202d287742483e15fd478ddd6ada2187 coccinelle: api: add device_attr_show script
> >
> > Please take the patch only if it's a positive warning. Thanks!
> >
> > fbcon.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > --- a/drivers/video/fbdev/core/fbcon.c
> > +++ b/drivers/video/fbdev/core/fbcon.c
> > @@ -3481,7 +3481,7 @@ static ssize_t show_rotate(struct device
> > rotate = fbcon_get_rotate(info);
> > err:
> > console_unlock();
> > - return snprintf(buf, PAGE_SIZE, "%d\n", rotate);
> > + return scnprintf(buf, PAGE_SIZE, "%d\n", rotate);
>
> buf length is at least PAGE_SIZE and rotate val is an int so
> shouldn't this be converted to use sprintf() instead?
The rule is evolving in this direction. Thanks for the feedback.
julia
>
> > }
> >
> > static ssize_t show_cursor_blink(struct device *device,
> > @@ -3506,7 +3506,7 @@ static ssize_t show_cursor_blink(struct
> > blink = (ops->flags & FBCON_FLAGS_CURSOR_TIMER) ? 1 : 0;
> > err:
> > console_unlock();
> > - return snprintf(buf, PAGE_SIZE, "%d\n", blink);
> > + return scnprintf(buf, PAGE_SIZE, "%d\n", blink);
>
> ditto for blink val
>
> > }
> >
> > static ssize_t store_cursor_blink(struct device *device,
> >
>
> Best regards,
> --
> Bartlomiej Zolnierkiewicz
> Samsung R&D Institute Poland
> Samsung Electronics
> _______________________________________________
> kbuild-all mailing list -- kbuild-all@...ts.01.org
> To unsubscribe send an email to kbuild-all-leave@...ts.01.org
>
Powered by blists - more mailing lists