lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250830212923.GB16364@pendragon.ideasonboard.com>
Date: Sat, 30 Aug 2025 23:29:23 +0200
From: Laurent Pinchart <laurent.pinchart@...asonboard.com>
To: Masaharu Noguchi <nogunix@...il.com>
Cc: gregkh@...uxfoundation.org, linux-staging@...ts.linux.dev,
	vaibhav.sr@...il.com, mgreer@...malcreek.com, johan@...nel.org,
	elder@...nel.org, greybus-dev@...ts.linaro.org,
	florian.fainelli@...adcom.com, rjui@...adcom.com,
	sbranden@...adcom.com, bcm-kernel-feedback-list@...adcom.com,
	dave.stevenson@...pberrypi.com, hverkuil@...nel.org,
	linux-rpi-kernel@...ts.infradead.org,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] staging: vc04_services: bcm2835-camera: avoid
 -Wformat-truncation

On Sun, Aug 31, 2025 at 02:38:50AM +0900, Masaharu Noguchi wrote:
>     - Fix -Wformat-truncation in vidioc_querycap() when composing bus_info.
>     - Use scnprintf() for the prefix and strscpy() for the remainder.
> 
> Signed-off-by: Masaharu Noguchi <nogunix@...il.com>
> ---
>  .../staging/vc04_services/bcm2835-camera/bcm2835-camera.c    | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
> index fa7ea4ca4c36..c2788659af12 100644
> --- a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
> +++ b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
> @@ -874,13 +874,14 @@ static int vidioc_querycap(struct file *file, void *priv,
>  	struct bcm2835_mmal_dev *dev = video_drvdata(file);
>  	u32 major;
>  	u32 minor;
> +	int n;
>  
>  	vchiq_mmal_version(dev->instance, &major, &minor);
>  
>  	strscpy(cap->driver, "bcm2835 mmal", sizeof(cap->driver));
>  	snprintf((char *)cap->card, sizeof(cap->card), "mmal service %d.%d", major, minor);
> -
> -	snprintf((char *)cap->bus_info, sizeof(cap->bus_info), "platform:%s", dev->v4l2_dev.name);
> +	n = scnprintf((char *)cap->bus_info, sizeof(cap->bus_info), "platform:");
> +	strscpy((char *)cap->bus_info + n, dev->v4l2_dev.name, sizeof(cap->bus_info) - n);

The fact that we need such a complicated construct is a sign that
there's something wrong in our APIs. The above code is too complicated
for what it does, making it less readable, more difficult to maintain,
and more bug-prone. I don't know if we need yet another sprintf variant
in the kernel, or something else, but this doens't seem to be what we
need.

>  	return 0;
>  }
>  

-- 
Regards,

Laurent Pinchart

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ