[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMZ6RqJHFyeG0ZMaAAfJ_30t-oucJVm05Et-H9DEgzbWj-K6vA@mail.gmail.com>
Date: Mon, 28 Nov 2022 10:21:27 +0900
From: Vincent MAILHOL <mailhol.vincent@...adoo.fr>
To: Andrew Lunn <andrew@...n.ch>
Cc: linux-can@...r.kernel.org, Marc Kleine-Budde <mkl@...gutronix.de>,
linux-kernel@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
netdev@...r.kernel.org, linux-usb@...r.kernel.org,
Saeed Mahameed <saeed@...nel.org>,
Jiri Pirko <jiri@...dia.com>,
Lukas Magel <lukas.magel@...teo.net>
Subject: Re: [PATCH v4 3/6] can: etas_es58x: export product information
through devlink_ops::info_get()
On Mon. 28 Nov. 2022 at 00:08, Andrew Lunn <andrew@...n.ch> wrote:
> > I checked, none of gcc and clang would trigger a warning even for a
> > 'make W=12'. More generally speaking, I made sure that my driver is
> > free of any W=12.
>
> That is good enough for me.
>
> > I do not care any more as long as it does not result in
> > undefined behaviour.
>
> Agreed. Hopefully sscanf cannot go completely wrong and go off the end
> of the buffer. That i would care about. Bit i guess the USB fuzzers
> would of hit such problems already.
On the surface, the sscanf() seems OK. It will break the while loop
when reaching the end of the format:
https://elixir.bootlin.com/linux/v6.1-rc6/source/lib/vsprintf.c#L3429
or the end of the string:
https://elixir.bootlin.com/linux/v6.1-rc6/source/lib/vsprintf.c#L3501
(I am skipping details here, there are other branches that will break
the while loop and all of them look good).
And me not being the first person using sscanf(), I hope that if a bug
existed, it would have already been spotted by some static
analysis/fuzzing/code review :)
That said, I think I answered all your comments. Can I get your
reviewed-by or ack tag? Thank you!
Yours sincerely,
Vincent Mailhol
Powered by blists - more mailing lists