lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20210604092720.5b59319b@jic23-huawei>
Date:   Fri, 4 Jun 2021 09:27:20 +0100
From:   Jonathan Cameron <jic23@...nel.org>
To:     Joe Perches <joe@...ches.com>
Cc:     linux-iio@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Arnd Bergmann <arnd@...nel.org>,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        Jonathan Cameron <Jonathan.Cameron@...wei.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: General kernel misuse of vsnprintf SPECIAL %#<foo> (was: Re:
 [PATCH v2 0/4] iio: Drop use of %hhx and %hx format strings)

On Thu, 03 Jun 2021 12:34:28 -0700
Joe Perches <joe@...ches.com> wrote:

> On Thu, 2021-06-03 at 20:25 +0100, Jonathan Cameron wrote:
> > On Thu, 03 Jun 2021 11:58:15 -0700 Joe Perches <joe@...ches.com> wrote:  
> > > It looks to me as though %#<foo> is relatively commonly misused in the kernel.
> > > 
> > > Pehaps for the decimal portion of the format, checkpatch could have some
> > > test for use of non-standard lengths.
> > > 
> > > Given the use is generally meant for a u8, u16, u32, or u64, perhaps
> > > checkpatch should emit a warning whenever the length is not 4, 6, 10, or 18.  
> > 
> > Would have saved me some trouble, so I'm definitely in favour of checkpatch
> > catching this.
> > 
> > I wonder if a better option is to match on 1, 2, 4, 8, 16 as likely to be
> > caused by people getting the usage wrong rather than a deliberate attempt
> > to pretty print something a little unusual?  
> 
> Dunno.  %#0x and %x[123] seems pretty silly as it'll always emit the number
> of digits in the value.

Good point for those two cases - definitely want to catch them.

> 
> There aren't too many other odd uses other than those.

Perhaps you are right - after all anyone who is deliberately doing something
unusual will know they are doing it and can ignore the checkpatch warning.
Not as though it's going to happen very often from your stats below - looks
like maybe 17 of those cases 'might' be deliberate.

Jonathan
> 
> > > $ git grep -P -h -o '%#\d+\w+' | sort | uniq -c | sort -rn  
> 
> 8 and 16 are perhaps commonly misused.
> > >     392 %#08x
> > >      17 %#08lx
> > >       9 %#08zx
> > >       6 %#8x
> > >       4 %#08llx
> > >       1 %#8lx
> > >       1 %#08  
> 
> > >       7 %#16llx
> > >       5 %#16
> > >       4 %#016Lx
> > >       1 %#16x
> > >       1 %#16lx  
> 
> These are the odd ones:
> 
> > >     144 %#02x
> > >      27 %#0x
> > >      23 %#2x
> > >      17 %#3lx
> > >      15 %#3x
> > >      14 %#03x
> > >       6 %#012llx
> > >       4 %#05x
> > >       4 %#02X
> > >       3 %#01x
> > >       2 %#09x
> > >       2 %#05lx
> > >       1 %#5x
> > >       1 %#5lx
> > >       1 %#2Lx
> > >       1 %#2llx
> > >       1 %#12x
> > >       1 %#0lx
> > >       1 %#05llx
> > >       1 %#03X  
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ