lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 31 Aug 2023 10:53:14 +0000
From:   David Binderman <dcb314@...mail.com>
To:     "bristot@...nel.org" <bristot@...nel.org>,
        "rostedt@...dmis.org" <rostedt@...dmis.org>,
        "paul.walmsley@...ive.com" <paul.walmsley@...ive.com>,
        "palmer@...belt.com" <palmer@...belt.com>,
        "aou@...s.berkeley.edu" <aou@...s.berkeley.edu>,
        "linux-trace-kernel@...r.kernel.org" 
        <linux-trace-kernel@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        "linux-riscv@...ts.infradead.org" <linux-riscv@...ts.infradead.org>
Subject: linux-6.5/tools/tracing/rtla/src/utils.c:548:invalidScanfFormatWidth

Hello there,

I just tried the static analyser cppcheck over the source code of linux-6.5
and got this:

linux-6.5/tools/tracing/rtla/src/utils.c:548:9: error: Width 1024 given in format string (no. 1) is larger than destination buffer 'mount_point[1024]', use %1023s to prevent overflowing it. [invalidScanfFormatWidth]

Source code is

    while (fscanf(fp, "%*s %" STR(MAX_PATH) "s %99s %*s %*d %*d\n", mount_point, type) == 2) {

Maybe better code:

    while (fscanf(fp, "%*s %" STR(MAX_PATH - 1) "s %99s %*s %*d %*d\n", mount_point, type) == 2) {

Regards

David Binderman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ