lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250709100826.GT452973@horms.kernel.org>
Date: Wed, 9 Jul 2025 11:08:26 +0100
From: Simon Horman <horms@...nel.org>
To: Alok Tiwari <alok.a.tiwari@...cle.com>
Cc: sgoutham@...vell.com, andrew+netdev@...n.ch, davem@...emloft.net,
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
	netdev@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
	darren.kenny@...cle.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v2] net: thunderx: Fix format-truncation warning
 in bgx_acpi_match_id()

On Tue, Jul 08, 2025 at 10:52:43AM -0700, Alok Tiwari wrote:
> The buffer bgx_sel used in snprintf() was too small to safely hold
> the formatted string "BGX%d" for all valid bgx_id values. This caused
> a -Wformat-truncation warning with Werror enabled during build.
> 
> Increase the buffer size from 5 to 8 and use sizeof(bgx_sel) in
> snprintf() to ensure safety and suppress the warning.
> 
> Build warning:
>   CC      drivers/net/ethernet/cavium/thunder/thunder_bgx.o
>   drivers/net/ethernet/cavium/thunder/thunder_bgx.c: In function
> ‘bgx_acpi_match_id’:
>   drivers/net/ethernet/cavium/thunder/thunder_bgx.c:1434:27: error: ‘%d’
> directive output may be truncated writing between 1 and 3 bytes into a
> region of size 2 [-Werror=format-truncation=]
>     snprintf(bgx_sel, 5, "BGX%d", bgx->bgx_id);
>                              ^~
>   drivers/net/ethernet/cavium/thunder/thunder_bgx.c:1434:23: note:
> directive argument in the range [0, 255]
>     snprintf(bgx_sel, 5, "BGX%d", bgx->bgx_id);
>                          ^~~~~~~
>   drivers/net/ethernet/cavium/thunder/thunder_bgx.c:1434:2: note:
> ‘snprintf’ output between 5 and 7 bytes into a destination of size 5
>     snprintf(bgx_sel, 5, "BGX%d", bgx->bgx_id);
> 
> compiler warning due to insufficient snprintf buffer size.
> 
> Signed-off-by: Alok Tiwari <alok.a.tiwari@...cle.com>
> ---
> v1->v2
> No changes. Targeting for net-next.
> https://lore.kernel.org/all/20250708160957.GQ452973@horms.kernel.org/

Thanks for the update.

Reviewed-by: Simon Horman <horms@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ