[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ee5a5bf2-a014-448c-9e28-d4caea3f481e@lunn.ch>
Date: Mon, 16 Sep 2024 22:37:36 +0200
From: Andrew Lunn <andrew@...n.ch>
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: Raju Lakkaraju <Raju.Lakkaraju@...rochip.com>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
netdev@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, bryan.whitehead@...rochip.com,
UNGLinuxDriver@...rochip.com, maxime.chevallier@...tlin.com,
rdunlap@...radead.org, Steen.Hegelund@...rochip.com,
daniel.machon@...rochip.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next V2 2/5] net: lan743x: Add support to
software-nodes for sfp
> If you really want to do this kind of thing, at least write it in
> a safe way...
>
> snprintf(..., "%s", string);
>
> rather than:
>
> snprintf(..., string);
>
> so that "string" doesn't attempt to be escape-expanded.
One of the static analysers is complaining about this danger, or it
might be GCC itself if you up the warning level. The kernel hardening
people are replacing all such bad cases, one by one. So we definitely
don't want to add more.
Andrew
Powered by blists - more mailing lists