| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aUVrKwedNdTYpi4d@bou-desktop>
Date: Fri, 19 Dec 2025 16:11:39 +0100
From: Boudewijn van der Heide <boudewijn@...ta-utec.com>
To: peterz@...radead.org
Cc: mingo@...hat.com, will@...nel.org, boqun.feng@...il.com,
longman@...hat.com, linux-kernel@...r.kernel.org
Subject: [PATCH] locking/lockdep: Fix string truncation and length accounting
in seq_stats()
GCC 14 reports a -Wformat-truncation warning when appending "#%d" and
"/%d" to the lock class name in seq_stats(), as the buffer size was
insufficient and the resulting length was tracked incorrectly.
Use scnprintf() with remaining-buffer accounting to safely append the
suffixes and update namelen based on the actual number of characters
written.
Signed-off-by: Boudewijn van der Heide <boudewijn@...ta-utec.com>
---
kernel/locking/lockdep_proc.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/kernel/locking/lockdep_proc.c b/kernel/locking/lockdep_proc.c
index 1916db9aa46b..8fe977c32a3d 100644
--- a/kernel/locking/lockdep_proc.c
+++ b/kernel/locking/lockdep_proc.c
@@ -496,12 +496,14 @@ static void seq_stats(struct seq_file *m, struct lock_stat_data *data)
namelen = strlen(name);
if (class->name_version > 1) {
- snprintf(name+namelen, 3, "#%d", class->name_version);
- namelen += 2;
+ namelen += scnprintf(name + namelen,
+ sizeof(name) - namelen, "#%d",
+ class->name_version);
}
if (class->subclass) {
- snprintf(name+namelen, 3, "/%d", class->subclass);
- namelen += 2;
+ namelen += scnprintf(name + namelen,
+ sizeof(name) - namelen, "/%d",
+ class->subclass);
}
if (stats->write_holdtime.nr) {
--
2.47.3
Powered by blists - more mailing lists