| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Dec 2023 19:45:55 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Hugo Villeneuve' <hugo@...ovil.com>,
kernel test robot <lkp@...el.com>
CC: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"jirislaby@...nel.org" <jirislaby@...nel.org>,
"hvilleneuve@...onoff.com" <hvilleneuve@...onoff.com>,
"oe-kbuild-all@...ts.linux.dev" <oe-kbuild-all@...ts.linux.dev>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-serial@...r.kernel.org" <linux-serial@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
Andy Shevchenko <andy.shevchenko@...il.com>
Subject: RE: [PATCH 1/7] serial: sc16is7xx: fix snprintf format specifier in
sc16is7xx_regmap_name()
From: Hugo Villeneuve
> Sent: 07 December 2023 17:53
...
> > kernel test robot noticed the following build warnings:
> >
> > [auto build test WARNING on d804987153e7bedf503f8e4ba649afe52cfd7f6d]
> >
> > url: https://github.com/intel-lab-lkp/linux/commits/Hugo-Villeneuve/serial-sc16is7xx-fix-
> snprintf-format-specifier-in-sc16is7xx_regmap_name/20231201-031413
> > base: d804987153e7bedf503f8e4ba649afe52cfd7f6d
> > patch link: https://lore.kernel.org/r/20231130191050.3165862-2-hugo%40hugovil.com
> > patch subject: [PATCH 1/7] serial: sc16is7xx: fix snprintf format specifier in
> sc16is7xx_regmap_name()
> > config: x86_64-buildonly-randconfig-001-20231201 (https://download.01.org/0day-
> ci/archive/20231206/202312061443.Cknef7Uq-lkp@...el.com/config)
> > compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
> > reproduce (this is a W=1 build): (https://download.01.org/0day-
> ci/archive/20231206/202312061443.Cknef7Uq-lkp@...el.com/reproduce)
> >
> > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > the same patch/commit), kindly add following tags
> > | Reported-by: kernel test robot <lkp@...el.com>
> > | Closes: https://lore.kernel.org/oe-kbuild-all/202312061443.Cknef7Uq-lkp@intel.com/
> >
> > All warnings (new ones prefixed by >>):
> >
> > drivers/tty/serial/sc16is7xx.c: In function 'sc16is7xx_i2c_probe':
> > >> drivers/tty/serial/sc16is7xx.c:1703:41: warning: '%u' directive output may be truncated writing
> between 1 and 10 bytes into a region of size 2 [-Wformat-truncation=]
> > 1703 | snprintf(buf, sizeof(buf), "port%u", port_id);
> > | ^~
> > In function 'sc16is7xx_regmap_name',
> > inlined from 'sc16is7xx_i2c_probe' at drivers/tty/serial/sc16is7xx.c:1805:17:
> > drivers/tty/serial/sc16is7xx.c:1703:36: note: directive argument in the range [0, 4294967294]
> > 1703 | snprintf(buf, sizeof(buf), "port%u", port_id);
> > | ^~~~~~~~
> > drivers/tty/serial/sc16is7xx.c:1703:9: note: 'snprintf' output between 6 and 15 bytes into a
> destination of size 6
> > 1703 | snprintf(buf, sizeof(buf), "port%u", port_id);
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Hi,
> the only solution I could find is to add this line just before snprintf:
>
> BUG_ON(port_id > MAX310X_MAX_PORTS);
>
> it allows us to have the smallest buffer size possible.
Or "port%c", '0' + port_id);
Or maybe:
size_t buflen = sizeof (buf);
OPTIMIZER_HIDE_VAR(buflen);
snprintf(buf, buflen, fmt, args);
See https://godbolt.org/z/Wjz3xG5c4
Maybe there should be snprintf_may_truncate() (etc) in one of the headers.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists