| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Dec 2023 18:55:35 +0100
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Sohil Mehta <sohil.mehta@...el.com>, Thomas Gleixner
<tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>
Cc: linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] x86/callthunks: Fix some potential string truncation in
callthunks_debugfs_init()
Le 19/12/2023 à 12:02, Sohil Mehta a écrit :
> On 12/17/2023 2:31 PM, Christophe JAILLET wrote:
>> When compiled with W=1, we get:
>> arch/x86/kernel/callthunks.c: In function ‘callthunks_debugfs_init’:
>> arch/x86/kernel/callthunks.c:394:35: error: ‘%lu’ directive writing between 1 and 10 bytes into a region of size 7 [-Werror=format-overflow=]
>> 394 | sprintf(name, "cpu%lu", cpu);
>> | ^~~
>> arch/x86/kernel/callthunks.c:394:31: note: directive argument in the range [0, 4294967294]
>> 394 | sprintf(name, "cpu%lu", cpu);
>> | ^~~~~~~~
>> arch/x86/kernel/callthunks.c:394:17: note: ‘sprintf’ output between 5 and 14 bytes into a destination of size 10
>> 394 | sprintf(name, "cpu%lu", cpu);
>> |
>>
>> So, give some more space to 'name' to silence the warning.
>
> It might be useful to specify that "some more space" hasn't been
> arbitrarily decided. It took me a few minutes to figure that out.
>
> With the max cpu number being 4294967294 with 10 characters, a total of
> 14 chars would be enough to print "cpu%lu".
From my POV, it is what the gcc warning already says, but I (or anyone
else) can tweak the wording to make it more explicit.
Let me know if you want a v2.
CJ
>
>
>> (and fix the issue should a lucky one have a config with so many
>> CPU!)
>> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>
>> ---
>> arch/x86/kernel/callthunks.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>
> Apart from that, please feel free to add:
>
> Reviewed-by: Sohil Mehta <sohil.mehta@...el.com>
>
>> diff --git a/arch/x86/kernel/callthunks.c b/arch/x86/kernel/callthunks.c
>> index cf7e5be1b844..26182a7d12b3 100644
>> --- a/arch/x86/kernel/callthunks.c
>> +++ b/arch/x86/kernel/callthunks.c
>> @@ -388,7 +388,7 @@ static int __init callthunks_debugfs_init(void)
>> dir = debugfs_create_dir("callthunks", NULL);
>> for_each_possible_cpu(cpu) {
>> void *arg = (void *)cpu;
>> - char name [10];
>> + char name[14];
>>
>> sprintf(name, "cpu%lu", cpu);
>> debugfs_create_file(name, 0644, dir, arg, &dfs_ops);
>
>
>
Powered by blists - more mailing lists