| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210511135229.GU1955@kadam>
Date: Tue, 11 May 2021 16:52:29 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Joseph Qi <joseph.qi@...ux.alibaba.com>
Cc: Mark Fasheh <mark@...heh.com>, Joel Becker <jlbec@...lplan.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Gang He <ghe@...e.com>, ocfs2-devel@....oracle.com,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] ocfs2: fix snprintf() checking
On Tue, May 11, 2021 at 08:54:53PM +0800, Joseph Qi wrote:
>
>
> On 5/11/21 3:16 PM, Dan Carpenter wrote:
> > The snprintf() function returns the number of bytes which would have
> > been printed if the buffer was large enough. In other words it can
> > return ">= remain" but this code assumes it returns "== remain".
> >
> > The run time impact of this bug is not very severe. The next iteration
> > through the loop would trigger a WARN() when we pass a negative limit
> > to snprintf(). We would then return success instead of -E2BIG.
> >
> > The kernel implementation of snprintf() will never return negatives so
> > there is no need to check and I have deleted that dead code.
> >
> > Fixes: a860f6eb4c6a ("ocfs2: sysfile interfaces for online file check")
> > Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
>
> Looks good. But the last 2 sections are introduced by:
> 74ae4e104dfc ocfs2: Create stack glue sysfs files.
>
> With 'Fixes' tag updated,
> Reviewed-by: Joseph Qi <joseph.qi@...ux.alibaba.com>
>
Thanks! Will do.
regards,
dan carpenter
Powered by blists - more mailing lists