lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 03 Dec 2023 21:50:51 +0100
From:   "Arnd Bergmann" <arnd@...db.de>
To:     "Dmitry Torokhov" <dmitry.torokhov@...il.com>,
        "Zack Rusin" <zackr@...are.com>
Cc:     linux-kernel@...r.kernel.org,
        "VMware Graphics Reviewers" <linux-graphics-maintainer@...are.com>,
        "Robert Jarzmik" <robert.jarzmik@...e.fr>,
        "Raul Rangel" <rrangel@...omium.org>, linux-input@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH] input/vmmouse: Fix device name copies

On Sun, Dec 3, 2023, at 19:41, Dmitry Torokhov wrote:
> On Mon, Nov 27, 2023 at 03:42:06PM -0500, Zack Rusin wrote:
>> From: Zack Rusin <zackr@...are.com>
>> 
>> Make sure vmmouse_data::phys can hold serio::phys (which is 32 bytes)
>> plus an extra string, extend it to 64.
>> 
>> Fixes gcc13 warnings:
>> drivers/input/mouse/vmmouse.c: In function ‘vmmouse_init’:
>> drivers/input/mouse/vmmouse.c:455:53: warning: ‘/input1’ directive output may be truncated writing 7 bytes into a region of size between 1 and 32 [-Wformat-truncation=]
>>   455 |         snprintf(priv->phys, sizeof(priv->phys), "%s/input1",
>>       |                                                     ^~~~~~~
>> drivers/input/mouse/vmmouse.c:455:9: note: ‘snprintf’ output between 8 and 39 bytes into a destination of size 32
>>   455 |         snprintf(priv->phys, sizeof(priv->phys), "%s/input1",
>>       |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>   456 |                  psmouse->ps2dev.serio->phys);
>>       |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> This simply wastes 32 bytes. It is perfectly fine to truncate phys
> (which does not happen in real life).
>
> -Wformat-truncation is disabled in normal builds, folks should stop
> using it with W=1 as well.

It does find real bugs, and we are fairly close to being able
to enable it by default once the remaining warnings are all
fixed.

It also doesn't waste any memory in this specific case since
vmmouse_data is currently at 168 bytes, which gets rounded
up to either 192 or 256 bytes anyway. I'd suggest using
the minimum size that is large enough though, in this case
39 bytes for the string I guess.

     Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ