Message-ID: <CABFUUZEhxz5n8Rf5UvxZiFRoXQ+DuZtpa9+iS46Rt4rpb8hD9A@mail.gmail.com>
Date: Mon, 5 Jan 2026 23:37:55 +0800
From: sun jian <sun.jian.kdev@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Vaibhav Agarwal <vaibhav.sr@...il.com>, Johan Hovold <johan@...nel.org>, 
	Mark Greer <mgreer@...malcreek.com>, Alex Elder <elder@...nel.org>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, David Laight <david.laight.linux@...il.com>, 
	greybus-dev@...ts.linaro.org, linux-staging@...ts.linux.dev, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] staging: greybus: audio: avoid snprintf truncation warnings

Hi Dan,

Understood — I'll drop this patch. Thanks.

regards,
Sun Jian

On Mon, Jan 5, 2026 at 7:55 PM Dan Carpenter <dan.carpenter@...aro.org> wrote:
>
> These W=1 string truncation warnings always seem like a pointless thing.
> dmesg output is really only intended for developers.  I don't even know
> how to look at the dmesg on my phone or kindle.  Who cares if the last
> character in a really long device name is missing?  I have looked at a
> lot of stack traces and I have never once been stymied because one
> character was missing in a really long device name.
>
> And also these are 90% false positives.  We just add bounds checking to all
> of our output to prevent memory corruption and not because we think that
> we'll actually hit the boundaries.  And GCC is not able to analyze
> these in a sensible way, it's just going based on the variable types.
>
> This patch makes the code worse (more complicated).
>
> To recap:
> 1: It's warning about a non-issue.  No one cares about truncated output.
> 2: The warning is implemented poorly.  High false positive ratio.
> 3: The fix makes the code worse.
>
> Just fix the tool instead of making the code worse for no reason.
>
> regards,
> dan carpenter
