Message-ID: <7tn66k5ssfk33hndz4ljljgsyqm26wruxla2dqphahxozjousj@laoidocw54q2>
Date: Fri, 14 Nov 2025 13:21:48 -0800
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: Alexandre Chartre <alexandre.chartre@...cle.com>
Cc: linux-kernel@...r.kernel.org, mingo@...nel.org, peterz@...radead.org
Subject: Re: [PATCH v4 11/28] objtool: Trace instruction state changes during
 function validation

On Thu, Nov 13, 2025 at 05:49:00PM +0100, Alexandre Chartre wrote:
> +/*
> + * Return the name of a register. Note that the same static buffer
> + * is returned if the name is dynamically generated.
> + */
> +static const char *cfi_reg_name(unsigned int reg)
> +{
> +	static char rname_buffer[CFI_REG_NAME_MAXLEN];
> +
> +	switch (reg) {
> +	case CFI_UNDEFINED:
> +		return "<undefined>";
> +	case CFI_CFA:
> +		return "cfa";
> +	case CFI_SP_INDIRECT:
> +		return "(sp)";
> +	case CFI_BP_INDIRECT:
> +		return "(bp)";
> +	}
> +
> +	if (snprintf(rname_buffer, CFI_REG_NAME_MAXLEN, "r%d", reg) == 1)
> +		return NULL;
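
Review bot: In cfi_reg_name(), the `== 1` test on the snprintf() return value can never be true, because "r%d" always produces at least two characters, so neither an output error nor a truncated name is detected. Test for `< 0` or `>= CFI_REG_NAME_MAXLEN` instead. reg is unsigned int, so the conversion should be %u rather than %d. The comment mentions the shared static buffer but not that a second call invalidates the name returned by the first; either state that or take a caller-supplied buffer.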

An snprintf() error would either be -1 (error) or ">=
CFI_REG_NAME_MAXLEN" (truncation).

Also maybe return "(error)" or so, so the caller doesn't need to check
the return value.

> +static void trace_cfi_reg(const char *prefix, int reg, const char *fmt,
> +			  int base_prev, int offset_prev,
> +			  int base_next, int offset_next)
> +{
> +	const char *rname;
> +
> +	if (base_prev == base_next && offset_prev == offset_next)
> +		return;
> +
> +	if (prefix)
> +		TRACE("%s:", prefix);
> +
> +	rname = cfi_reg_name(reg);
> +
> +	if (base_next == CFI_UNDEFINED) {
> +		TRACE("%1$s=<undef> ", rname);
> +	} else {
> +		TRACE(fmt, rname,
> +		      cfi_reg_name(base_next), offset_next);
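
Review bot: In trace_cfi_reg(), rname is passed to TRACE() unchecked although cfi_reg_name() has a `return NULL` path, so a NULL pointer can reach a %s conversion; handle it here or make cfi_reg_name() always return a printable string. reg is declared int in this function while cfi_reg_name() takes unsigned int, so the two signatures should agree. The arguments that fmt is expected to consume (register name, base name, offset) are not documented; a short comment above the function would help callers build a matching format.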

Since cfi_reg_name() can reuse the same static local buffer, rname and
cfi_reg_name(base_next) might point to the same string?

-- 
Josh
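
The two points raised in this reply (the snprintf() return check and the shared static buffer), as an added example that is not code from the patch or from objtool. REG_NAME_MAXLEN, REG_CFA, reg_name_static() and reg_name() are hypothetical stand-ins; objtool's real CFI_* values are not shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not objtool's definitions. */
#define REG_NAME_MAXLEN 16
#define REG_CFA 100u

/* "Before" shape: one static buffer shared by every generated name. */
static const char *reg_name_static(unsigned int reg)
{
	static char buf[REG_NAME_MAXLEN];

	if (reg == REG_CFA)
		return "cfa";
	snprintf(buf, sizeof(buf), "r%u", reg);
	return buf;
}

/* Caller-owned buffer; never returns NULL, so callers need no check. */
static const char *reg_name(unsigned int reg, char *buf, size_t len)
{
	int n;

	if (reg == REG_CFA)
		return "cfa";
	n = snprintf(buf, len, "r%u", reg);
	/* n < 0: output error; n >= len: the name was truncated. */
	if (n < 0 || (size_t)n >= len)
		return "(error)";
	return buf;
}

/* Returns 1 when two names obtained back to back share storage. */
static int static_names_alias(void)
{
	const char *a = reg_name_static(5);
	const char *b = reg_name_static(6);	/* overwrites what a points to */

	return a == b && strcmp(a, "r6") == 0;
}

int main(void)
{
	char a[REG_NAME_MAXLEN], b[REG_NAME_MAXLEN], tiny[2];

	printf("static: aliased=%d\n", static_names_alias());
	printf("%s=%s+%d\n", reg_name(5, a, sizeof(a)), reg_name(6, b, sizeof(b)), 8);
	printf("%s\n", reg_name(12345, tiny, sizeof(tiny)));
	return 0;
}
```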
