Open Source and information security mailing list archives
 
Date:   Fri, 4 Jun 2021 09:27:20 +0100
From:   Jonathan Cameron <jic23@...nel.org>
To:     Joe Perches <joe@...ches.com>
Cc:     linux-iio@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Arnd Bergmann <arnd@...nel.org>,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        Jonathan Cameron <Jonathan.Cameron@...wei.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: General kernel misuse of vsnprintf SPECIAL %#<foo> (was: Re:
 [PATCH v2 0/4] iio: Drop use of %hhx and %hx format strings)

On Thu, 03 Jun 2021 12:34:28 -0700
Joe Perches <joe@...ches.com> wrote:

> On Thu, 2021-06-03 at 20:25 +0100, Jonathan Cameron wrote:
> > On Thu, 03 Jun 2021 11:58:15 -0700 Joe Perches <joe@...ches.com> wrote:  
> > > It looks to me as though %#<foo> is relatively commonly misused in the kernel.
> > > 
> > > Perhaps for the decimal portion of the format, checkpatch could have some
> > > test for use of non-standard lengths.
> > > 
> > > Given the use is generally meant for a u8, u16, u32, or u64, perhaps
> > > checkpatch should emit a warning whenever the length is not 4, 6, 10, or 18.  
> > 
> > Would have saved me some trouble, so I'm definitely in favour of checkpatch
> > catching this.
> > 
> > I wonder if a better option is to match on 1, 2, 4, 8, 16 as likely to be
> > caused by people getting the usage wrong rather than a deliberate attempt
> > to pretty print something a little unusual?  
> 
> Dunno.  %#0x and %x[123] seems pretty silly as it'll always emit the number
> of digits in the value.

Good point for those two cases - definitely want to catch them.

> 
> There aren't too many other odd uses other than those.

Perhaps you are right - after all anyone who is deliberately doing something
unusual will know they are doing it and can ignore the checkpatch warning.
Not as though it's going to happen very often from your stats below - looks
like maybe 17 of those cases 'might' be deliberate.

Jonathan
> 
> > > $ git grep -P -h -o '%#\d+\w+' | sort | uniq -c | sort -rn  
> 
> 8 and 16 are perhaps commonly misused.
> > >     392 %#08x
> > >      17 %#08lx
> > >       9 %#08zx
> > >       6 %#8x
> > >       4 %#08llx
> > >       1 %#8lx
> > >       1 %#08  
> 
> > >       7 %#16llx
> > >       5 %#16
> > >       4 %#016Lx
> > >       1 %#16x
> > >       1 %#16lx  
> 
> These are the odd ones:
> 
> > >     144 %#02x
> > >      27 %#0x
> > >      23 %#2x
> > >      17 %#3lx
> > >      15 %#3x
> > >      14 %#03x
> > >       6 %#012llx
> > >       4 %#05x
> > >       4 %#02X
> > >       3 %#01x
> > >       2 %#09x
> > >       2 %#05lx
> > >       1 %#5x
> > >       1 %#5lx
> > >       1 %#2Lx
> > >       1 %#2llx
> > >       1 %#12x
> > >       1 %#0lx
> > >       1 %#05llx
> > >       1 %#03X  
> 
> 
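
Added example, not part of the thread and not checkpatch code: a userspace C sketch of the check proposed above, flagging any %#<digits> conversion whose digit run is not 4, 6, 10 or 18. The function name and the sample strings are constructed here, and main() uses the hosted C library's printf with nonzero values to show the "0x" prefix being counted inside the field width.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Widths that hold "0x" plus every hex digit of a u8, u16, u32 or u64. */
static int width_is_standard(long w)
{
	return w == 4 || w == 6 || w == 10 || w == 18;
}

/*
 * Count "%#<digits>" conversions in fmt whose digit run is not 4, 6, 10
 * or 18. The digit run is read the way the thread's grep pattern reads it,
 * so "%#0x" has the value 0 and "%#08x" the value 8. "%%" is skipped.
 */
int count_odd_special_widths(const char *fmt)
{
	int odd = 0;

	for (const char *p = fmt; *p; p++) {
		if (p[0] != '%')
			continue;
		if (p[1] == '%') {	/* literal percent sign */
			p++;
			continue;
		}
		if (p[1] == '#' && isdigit((unsigned char)p[2]) &&
		    !width_is_standard(strtol(p + 2, NULL, 10)))
			odd++;
	}
	return odd;
}

int main(void)
{
	/* Constructed sample values; the prefix is part of the field width. */
	printf("[%#08x] [%#010x] [%#02x]\n", 0x1234u, 0x1234u, 0x12u);
	/* prints [0x001234] [0x00001234] [0x12] */
	printf("%d\n", count_odd_special_widths("reg %#08x val %#010x"));
	return 0;
}
```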
