Date: Thu, 22 Feb 2024 14:22:10 +0800
From: David Gow <davidgow@...gle.com>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Shuah Khan <skhan@...uxfoundation.org>, 
	Guenter Roeck <linux@...ck-us.net>, Rae Moar <rmoar@...gle.com>, 
	Matthew Auld <matthew.auld@...el.com>, 
	Arunpravin Paneer Selvam <arunpravin.paneerselvam@....com>, 
	Christian König <christian.koenig@....com>, 
	Kees Cook <keescook@...omium.org>, Maíra Canal <mcanal@...lia.com>, 
	Rodrigo Vivi <rodrigo.vivi@...el.com>, Matthew Brost <matthew.brost@...el.com>, 
	Willem de Bruijn <willemb@...gle.com>, Florian Westphal <fw@...len.de>, Cassio Neri <cassio.neri@...il.com>, 
	Javier Martinez Canillas <javierm@...hat.com>, Arthur Grillo <arthur.grillo@....br>, 
	Brendan Higgins <brendan.higgins@...ux.dev>, Daniel Latypov <dlatypov@...gle.com>, 
	Stephen Boyd <sboyd@...nel.org>, David Airlie <airlied@...il.com>, Maxime Ripard <mripard@...nel.org>, 
	"David S . Miller" <davem@...emloft.net>, dri-devel@...ts.freedesktop.org, 
	linux-kernel@...r.kernel.org, intel-xe@...ts.freedesktop.org, 
	linux-rtc@...r.kernel.org, linux-kselftest@...r.kernel.org, 
	kunit-dev@...glegroups.com, linux-hardening@...r.kernel.org, 
	netdev@...r.kernel.org
Subject: Re: [PATCH 2/9] lib/cmdline: Fix an invalid format specifier in an
 assertion msg

On Thu, 22 Feb 2024 at 04:10, 'Justin Stitt' via KUnit Development
<kunit-dev@...glegroups.com> wrote:
>
> Hi,
>
> On Wed, Feb 21, 2024 at 05:27:15PM +0800, David Gow wrote:
> > The correct format specifier for p - n (both p and n are pointers) is
> > %td, as the type should be ptrdiff_t.
>
> I think %tu is better. d specifies a signed type. I don't doubt that the
> warning is fixed but I think %tu represents the type semantics here.
>

While I agree that this should never be negative, I'd still lean on
this being a signed type, for two reasons:
- I think, if there's a bug in this code, it's easier to debug this if
a 'negative' value were to appear as such.
- While, as I understand it, the C spec does provide for a
ptrdiff_t-sized unsigned printf specifier in '%tu', the difference
between two pointers is always signed:

"When two pointers are subtracted, both shall point to elements of the same
array object, or one past the last element of the array object; the result
is the difference of the subscripts of the two array elements. The size of
the result is implementation-defined, and its type (a signed integer type)
is ptrdiff_t defined in the <stddef.h> header"

(Technically, the kernel's ptrdiff_t type isn't defined in stddef.h,
so a bit of deviation from the spec is happening anyway, though.)

If there's a particularly good reason to make this unsigned in this
case, I'd be happy to change it, of course. But I'd otherwise prefer
to keep it as-is.

Cheers,
-- David
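
An added illustration of the %td versus %tu point discussed in this message; it is not part of the original email or of the kernel patch. The helper offset_msg(), the sample string and the offsets are hypothetical, and the %tu branch assumes size_t is the unsigned counterpart of ptrdiff_t on the build target.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed input; the offsets used below are arbitrary. */
static const char sample[] = "1-3,7";

/*
 * Hypothetical helper (not kernel code): build the kind of message an
 * assertion would print for the distance between two pointers.
 * as_unsigned = 0 formats with %td, as_unsigned = 1 with %tu.
 */
static const char *offset_msg(const char *start, const char *end, int as_unsigned)
{
	static char buf[2][64];
	ptrdiff_t off = end - start;	/* result type is the signed ptrdiff_t */

	if (as_unsigned)
		/* Assumption: size_t is the unsigned counterpart of ptrdiff_t. */
		snprintf(buf[1], sizeof(buf[1]), "offset %tu", (size_t)off);
	else
		snprintf(buf[0], sizeof(buf[0]), "offset %td", off);
	return buf[as_unsigned ? 1 : 0];
}

int main(void)
{
	const char *start = sample + 3;

	/* Expected case: end is past start, so both specifiers agree. */
	printf("%s | %s\n", offset_msg(start, sample + 5, 0),
	       offset_msg(start, sample + 5, 1));
	/* Simulated bug: end lands before start within the same array. */
	printf("%s | %s\n", offset_msg(start, sample, 0),
	       offset_msg(start, sample, 1));
	return 0;
}
```

In the simulated-bug case the %td message shows the negative offset directly, while the %tu message shows a large positive number that has to be decoded by hand.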
