| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z9rvXilnPCblbfIv@smile.fi.intel.com>
Date: Wed, 19 Mar 2025 18:22:54 +0200
From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: linux-usb@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Heiner Kallweit <hkallweit1@...il.com>
Subject: Re: [PATCH net v2 2/2] net: usb: asix: ax88772: Increase phy_name
size
On Wed, Mar 19, 2025 at 02:43:40PM +0000, Russell King (Oracle) wrote:
> On Wed, Mar 19, 2025 at 12:54:34PM +0200, Andy Shevchenko wrote:
> > GCC compiler (Debian 14.2.0-17) is not happy about printing
> > into a short buffer (when build with `make W=1`):
> >
> > drivers/net/usb/ax88172a.c: In function ‘ax88172a_reset’:
> > include/linux/phy.h:312:20: error: ‘%s’ directive output may be truncated writing up to 60 bytes into a region of size 20 [-Werror=format-truncation=]
>
> GCC reckons this can be up to 60 bytes...
It has two complains, but they a bit differ, first one was about %s, as you see
above, the other one which I missed to add here is about %02x:
drivers/net/usb/ax88172a.c:311:9: note: ‘snprintf’ output between 4 and 66 bytes into a destination of size 20
...
> > - char phy_name[20];
> > + char phy_name[MII_BUS_ID_SIZE + 3];
>
> MII_BUS_ID_SIZE is sized to 61, and is what is used in struct
> mii_bus::id. Why there a +3 here, which seems like a random constant to
> make it 64-bit aligned in size. If we have need to increase
> MII_BUS_ID_SIZE in the future, this kind of alignment then goes
> wrong...
>
> If the intention is to align it to 64-bit then there's surely a better
> and future-proof ways to do that.
Nope, intention is to cover the rest after %s.
...
> I'm also surprised that the +3 randomness wasn't described in the
> commit message.
It was referred in the cover letter and previous discussion, but I agree that
it has to be clarified here, it's ':%02x', the %s case, i.e. MII_BUS_ID_SIZE
covers 60 characters + NUL.
...
> > + if (ret >= PHY_MAX_ADDR) {
> > + netdev_err(dev->net, "Invalid PHY ID %x\n", ret);
>
> An address is not a "PHY ID". "Invalid PHY address %d\n" probably makes
> more sense, but if you want to keep the hex, then it really should be
> %#x or 0x%x to make it clear that e.g. "20" is hex and not decimal.
Sure, I fix it locally, but we need to understand how to go with the
+3/+whatever fix, so format specifier won't hit us back.
...
Thank you for the review!
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists