lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241220163056.7bad4962@dsl-u17-10>
Date: Fri, 20 Dec 2024 16:30:56 +0000
From: David Laight <david.laight.linux@...il.com>
To: Guenter Roeck <linux@...ck-us.net>
Cc: kernel test robot <lkp@...el.com>, Eddie James <eajames@...ux.ibm.com>,
 oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: drivers/hwmon/pmbus/ibm-cffps.c:184:60: warning: '%04X'
 directive output may be truncated writing between 4 and 8 bytes into a
 region of size 5

On Fri, 20 Dec 2024 07:21:18 -0800
Guenter Roeck <linux@...ck-us.net> wrote:

> On 12/20/24 05:54, kernel test robot wrote:
> > Hi Eddie,
> > 
> > FYI, the error/warning still remains.
> > 
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > head:   8faabc041a001140564f718dabe37753e88b37fa
> > commit: 2f8a855efe8a6faf962c53af406e5ea4791b3877 pmbus: (ibm-cffps) Add support for version 2 of the PSU
> > date:   5 years ago
> > config: x86_64-randconfig-077-20241209 (https://download.01.org/0day-ci/archive/20241220/202412202139.tZ2VJL2f-lkp@intel.com/config)
> > compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
> > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241220/202412202139.tZ2VJL2f-lkp@intel.com/reproduce)
> > 
> > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > the same patch/commit), kindly add following tags
> > | Reported-by: kernel test robot <lkp@...el.com>
> > | Closes: https://lore.kernel.org/oe-kbuild-all/202412202139.tZ2VJL2f-lkp@intel.com/
> >   
> 
> We could use %2. 2X and %4.4X to make the compiler happy, but those are false positives.
> rc is known in all cases to not exceed the format size. I don't see the point of changing
> the code just to make the compiler happy.

I doubt they'd make any difference.

>
> >     drivers/hwmon/pmbus/ibm-cffps.c:171:60: warning: '%02X' directive output may be truncated writing between 2 and 8 bytes into a region of size 3 [-Wformat-truncation=]
> >       171 |                                 snprintf(&data[i * 2], 3, "%02X", rc);

The only ways I know are to bound check the value or to use
OPTIMISER_HIDE_VAR() on the length.

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ