lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20250519192557.1505924-1-ant.v.moryakov@gmail.com>
Date: Mon, 19 May 2025 22:25:57 +0300
From: ant.v.moryakov@...il.com
To: trix@...hat.com
Cc: linux-kernel@...r.kernel.org,
	Anton Moryakov <ant.v.moryakov@...il.com>
Subject: [PATCH v2] tiny-printf: handle NULL pointer for %s format string

From: Anton Moryakov <ant.v.moryakov@...il.com>

Avoid NULL pointer dereference in string formatting by printing "(null)"
when a NULL pointer is passed to a %s format specifier.

This change makes the behavior consistent with standard printf()
implementations and prevents potential crashes in constrained environments.

Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com>

---
 lib/tiny-printf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/tiny-printf.c b/lib/tiny-printf.c
index 2a7a4d286c0..df5f6829db5 100644
--- a/lib/tiny-printf.c
+++ b/lib/tiny-printf.c
@@ -307,6 +307,8 @@ static int _vprintf(struct printf_info *info, const char *fmt, va_list va)
 				break;
 			case 's':
 				p = va_arg(va, char*);
+				if (!p)
+					p = "(null)";
 				break;
 			case '%':
 				out(info, '%');
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ