Message-ID: <CABVgOSn+VxTb5TOmZd82HN04j_ZG9J2G-AoJmdxWG8QDh9xGxg@mail.gmail.com>
Date: Thu, 22 Feb 2024 14:22:10 +0800
From: David Gow <davidgow@...gle.com>
To: Justin Stitt <justinstitt@...gle.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Shuah Khan <skhan@...uxfoundation.org>,
Guenter Roeck <linux@...ck-us.net>, Rae Moar <rmoar@...gle.com>,
Matthew Auld <matthew.auld@...el.com>,
Arunpravin Paneer Selvam <arunpravin.paneerselvam@....com>,
Christian König <christian.koenig@....com>,
Kees Cook <keescook@...omium.org>, Maíra Canal <mcanal@...lia.com>,
Rodrigo Vivi <rodrigo.vivi@...el.com>, Matthew Brost <matthew.brost@...el.com>,
Willem de Bruijn <willemb@...gle.com>, Florian Westphal <fw@...len.de>, Cassio Neri <cassio.neri@...il.com>,
Javier Martinez Canillas <javierm@...hat.com>, Arthur Grillo <arthur.grillo@....br>,
Brendan Higgins <brendan.higgins@...ux.dev>, Daniel Latypov <dlatypov@...gle.com>,
Stephen Boyd <sboyd@...nel.org>, David Airlie <airlied@...il.com>, Maxime Ripard <mripard@...nel.org>,
"David S . Miller" <davem@...emloft.net>, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org, intel-xe@...ts.freedesktop.org,
linux-rtc@...r.kernel.org, linux-kselftest@...r.kernel.org,
kunit-dev@...glegroups.com, linux-hardening@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH 2/9] lib/cmdline: Fix an invalid format specifier in an assertion msg

On Thu, 22 Feb 2024 at 04:10, 'Justin Stitt' via KUnit Development
<kunit-dev@...glegroups.com> wrote:
>
> Hi,
>
> On Wed, Feb 21, 2024 at 05:27:15PM +0800, David Gow wrote:
> > The correct format specifier for p - n (both p and n are pointers) is
> > %td, as the type should be ptrdiff_t.
>
> I think %tu is better. d specifies a signed type. I don't doubt that the
> warning is fixed but I think %tu represents the type semantics here.
>
While I agree that this should never be negative, I'd still lean on
this being a signed type, for two reasons:
- I think, if there's a bug in this code, it's easier to debug this if
  a 'negative' value were to appear as such.
- While, as I understand it, the C spec does provide for a
  ptrdiff_t-sized unsigned printf specifier in '%tu', the difference
  between two pointers is always signed:

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object;
the result is the difference of the subscripts of the two array
elements. The size of the result is implementation-defined, and its
type (a signed integer type) is ptrdiff_t defined in the <stddef.h>
header"

(Technically, the kernel's ptrdiff_t type isn't defined in stddef.h,
so a bit of deviation from the spec is happening anyway, though.)

If there's a particularly good reason to make this unsigned in this
case, I'd be happy to change it, of course. But I'd otherwise prefer
to keep it as-is.

Cheers,
-- David
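
Added example, not part of the original message or of the kernel source: a user-space C sketch of the debugging argument above, formatting the same pointer difference with %td and with %tu when a hypothetical bug leaves p before n. The buffer contents, function names and offsets are constructed for illustration, and the %tu case assumes size_t is the unsigned counterpart of ptrdiff_t, as on Linux targets.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed input: a small option string, not taken from lib/cmdline. */
static const char sample[] = "1-3,5";

/* Format p - n as a signed ptrdiff_t, the way the patch does with %td. */
static int fmt_signed(char *out, size_t len, const char *p, const char *n)
{
	ptrdiff_t d = p - n;	/* result type is signed by definition */

	return snprintf(out, len, "%td", d);
}

/*
 * Format the same difference with %tu. The cast makes the conversion
 * explicit; it assumes size_t is the unsigned type corresponding to
 * ptrdiff_t on this platform.
 */
static int fmt_unsigned(char *out, size_t len, const char *p, const char *n)
{
	ptrdiff_t d = p - n;

	return snprintf(out, len, "%tu", (size_t)d);
}

int main(void)
{
	char s[32], u[32];
	const char *n = sample + 4;	/* where parsing was expected to stop */
	const char *p = sample + 1;	/* hypothetical bug: p ended up before n */

	fmt_signed(s, sizeof(s), p, n);
	fmt_unsigned(u, sizeof(u), p, n);

	/* The signed form shows the sign; the unsigned form wraps around. */
	printf("%%td: %s\n%%tu: %s\n", s, u);
	return 0;
}
```

Both pointers stay inside the same array, so the subtraction itself is well defined and only the choice of specifier changes what the failure message shows.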