| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <10d321d6-89ab-464e-971d-bb9635a5308f@moroto.mountain>
Date: Wed, 6 Sep 2023 12:09:25 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc: William Hubbs <w.d.hubbs@...il.com>,
Chris Brannon <chris@...-brannons.com>,
Kirk Reiser <kirk@...sers.ca>,
Samuel Thibault <samuel.thibault@...-lyon.org>,
Greg Kroah-Hartman <gregkh@...e.de>,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
speakup@...ux-speakup.org
Subject: Re: [PATCH] accessibility: speakup: Fix incorrect string length
computation in report_char_chartab_status()
On Mon, Sep 04, 2023 at 09:31:44PM +0200, Christophe JAILLET wrote:
> snprintf() returns the "number of characters which *would* be generated for
> the given input", not the size *really* generated.
>
> In order to avoid too large values for 'len' (and potential negative
> values for "sizeof(buf) - (len - 1)") use scnprintf() instead of
> snprintf().
>
A bunch of kernel-janitors mail didn't reach my inbox... Like this
one. So weird.
Reviewed-by: Dan Carpenter <dan.carpenter@...aro.org>
The impact of this bug is a WARN() btw. snprintf() will refuse to
print negative bytes.
regards,
dan carpenter
Powered by blists - more mailing lists