Date:   Thu, 03 Jun 2021 12:34:28 -0700
From:   Joe Perches <joe@...ches.com>
To:     Jonathan Cameron <jic23@...nel.org>
Cc:     linux-iio@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Arnd Bergmann <arnd@...nel.org>,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        Jonathan Cameron <Jonathan.Cameron@...wei.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: General kernel misuse of vsnprintf SPECIAL %#<foo> (was: Re:
 [PATCH v2 0/4] iio: Drop use of %hhx and %hx format strings)

On Thu, 2021-06-03 at 20:25 +0100, Jonathan Cameron wrote:
> On Thu, 03 Jun 2021 11:58:15 -0700 Joe Perches <joe@...ches.com> wrote:
> > It looks to me as though %#<foo> is relatively commonly misused in the kernel.
> > 
> > Perhaps for the decimal portion of the format, checkpatch could have some
> > test for use of non-standard lengths.
> > 
> > Given the use is generally meant for a u8, u16, u32, or u64, perhaps
> > checkpatch should emit a warning whenever the length is not 4, 6, 10, or 18.
> 
> Would have saved me some trouble, so I'm definitely in favour of checkpatch
> catching this.
> 
> I wonder if a better option is to match on 1, 2, 4, 8, 16 as likely to be
> caused by people getting the usage wrong rather than a deliberate attempt
> to pretty print something a little unusual?

Dunno.  %#0x and %x[123] seem pretty silly as it'll always emit the number
of digits in the value.

There aren't too many other odd uses other than those.

> > $ git grep -P -h -o '%#\d+\w+' | sort | uniq -c | sort -rn

8 and 16 are perhaps commonly misused.
> >     392 %#08x
> >      17 %#08lx
> >       9 %#08zx
> >       6 %#8x
> >       4 %#08llx
> >       1 %#8lx
> >       1 %#08

> >       7 %#16llx
> >       5 %#16
> >       4 %#016Lx
> >       1 %#16x
> >       1 %#16lx

These are the odd ones:

> >     144 %#02x
> >      27 %#0x
> >      23 %#2x
> >      17 %#3lx
> >      15 %#3x
> >      14 %#03x
> >       6 %#012llx
> >       4 %#05x
> >       4 %#02X
> >       3 %#01x
> >       2 %#09x
> >       2 %#05lx
> >       1 %#5x
> >       1 %#5lx
> >       1 %#2Lx
> >       1 %#2llx
> >       1 %#12x
> >       1 %#0lx
> >       1 %#05llx
> >       1 %#03X
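
The width in `%#<width>x` counts the `0x` prefix, which is why 4, 6, 10 and 18 are the widths that fit a u8, u16, u32 and u64. The following is an added example, not code from this thread or from checkpatch: a small C checker applying the proposed "warn unless the width is 4, 6, 10 or 18" rule to format strings, plus two helpers showing the printed length. The function names and sample strings are hypothetical, and it uses userspace `snprintf` rather than the kernel's `vsnprintf`.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Widths that hold "0x" plus every hex digit of a u8, u16, u32 or u64. */
static int width_is_standard(long w)
{
	return w == 4 || w == 6 || w == 10 || w == 18;
}

/*
 * Hypothetical helper: count "%#<width>[length]x" conversions in fmt whose
 * width is not 4, 6, 10 or 18. Like the git grep pattern in the thread, '#'
 * must directly follow '%' and be followed by at least one digit.
 */
int count_odd_alt_hex(const char *fmt)
{
	int odd = 0;

	for (const char *p = strchr(fmt, '%'); p; p = strchr(p, '%')) {
		char *end;
		long w;

		p++;
		if (*p == '%') {	/* literal "%%" */
			p++;
			continue;
		}
		if (*p != '#' || !isdigit((unsigned char)p[1]))
			continue;
		w = strtol(p + 1, &end, 10);	/* "08" -> 8, "0" -> 0 */
		end += strspn(end, "hlLzjt");	/* skip length modifiers */
		if ((*end == 'x' || *end == 'X') && !width_is_standard(w))
			odd++;
		p = end;
	}
	return odd;
}

/* Characters printed for v with "%#02x" and with "%#04x". */
int len_02(unsigned int v) { char b[32]; return snprintf(b, sizeof(b), "%#02x", v); }
int len_04(unsigned int v) { char b[32]; return snprintf(b, sizeof(b), "%#04x", v); }

int main(void)
{
	/* Constructed sample format string, not taken from the kernel tree. */
	printf("%d\n", count_odd_alt_hex("reg %#02x val %#010x mask %#8lx 100%%"));
	printf("%d %d\n", len_02(0x5), len_04(0x5));
	return 0;
}
```

With `%#02x` the value 0x5 prints as `0x5` and 0xab as `0xab`, so the output width varies with the value; `%#04x` always yields four characters for a non-zero u8.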

