Message-ID: <aVumucN_RFQwfgj9@stanley.mountain>
Date: Mon, 5 Jan 2026 14:55:37 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Sun Jian <sun.jian.kdev@...il.com>
Cc: Vaibhav Agarwal <vaibhav.sr@...il.com>, Johan Hovold <johan@...nel.org>,
	Mark Greer <mgreer@...malcreek.com>, Alex Elder <elder@...nel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	David Laight <david.laight.linux@...il.com>,
	greybus-dev@...ts.linaro.org, linux-staging@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] staging: greybus: audio: avoid snprintf truncation
 warnings

These W=1 string truncation warnings always seem like a pointless thing.
dmesg output is really only intended for developers.  I don't even know
how to look at the dmesg on my phone or kindle.  Who cares if the last
character in a really long device name is missing?  I have looked at a
lot of stack traces and I have never once been stymied because one
character was missing in a really long device name.

And also these are 90% false positives.  We just add bounds checking to all
of our output to prevent memory corruption and not because we think that
we'll actually hit the boundaries.  And GCC is not able to analyze
these in a sensible way, it's just going based on the variable types.

This patch makes the code worse (more complicated).

To recap:
1: It's warning about a non-issue.  No one cares about truncated output.
2: The warning is implemented poorly.  High false positive ratio.
3: The fix makes the code worse.

Just fix the tool instead of making the code worse for no reason.

regards,
dan carpenter
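
Added example (not part of the message above or of the greybus patch it discusses): the snprintf() behaviour behind the bounds-checking remark, where output is capped at the buffer size, stays NUL-terminated, and the return value reports whether truncation happened. `format_dev_name`, `guard_intact`, `NAME_SIZE` and the input strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16 /* hypothetical size, not taken from the greybus driver */

/*
 * Format "<prefix>.<id>" into dst (dst_size bytes).
 * Returns 0 if the whole string fit, 1 if snprintf truncated it,
 * -1 on an output error. dst is NUL-terminated in the first two cases.
 */
static int format_dev_name(char *dst, size_t dst_size,
                           const char *prefix, int id)
{
    int n = snprintf(dst, dst_size, "%s.%d", prefix, id);

    if (n < 0)
        return -1;
    /* snprintf returns the length the untruncated string would have had. */
    return (size_t)n >= dst_size ? 1 : 0;
}

/* Return 1 if the guard bytes placed after the buffer are untouched. */
static int guard_intact(const unsigned char *guard, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (guard[i] != 0xAA)
            return 0;
    return 1;
}

int main(void)
{
    struct { char name[NAME_SIZE]; unsigned char guard[8]; } s;
    int r;

    memset(&s, 0xAA, sizeof(s));
    /* Constructed inputs: one that fits, one that is too long. */
    r = format_dev_name(s.name, sizeof(s.name), "snd-dev", 7);
    printf("truncated=%d name=\"%s\"\n", r, s.name);
    r = format_dev_name(s.name, sizeof(s.name), "a-really-long-device-name", 7);
    printf("truncated=%d name=\"%s\" guard_intact=%d\n",
           r, s.name, guard_intact(s.guard, sizeof(s.guard)));
    return 0;
}
```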
