lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aTwqqxPgMWG9CqJL@horms.kernel.org>
Date: Fri, 12 Dec 2025 14:46:03 +0000
From: Simon Horman <horms@...nel.org>
To: kernel test robot <lkp@...el.com>
Cc: Ilya Krutskih <devsec@....ru>, Andrew Lunn <andrew+netdev@...n.ch>,
	oe-kbuild-all@...ts.linux.dev, Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...nel.org>, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org,
	stable@...r.kernel.org
Subject: Re: [PATCH v2] net: fealnx: fix possible 'card_idx' integer overflow
 in

On Fri, Dec 12, 2025 at 07:30:04PM +0800, kernel test robot wrote:
> Hi Ilya,
> 
> kernel test robot noticed the following build warnings:
> 
> [auto build test WARNING on net-next/main]
> [also build test WARNING on net/main linus/master v6.18 next-20251212]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
> 
> url:    https://github.com/intel-lab-lkp/linux/commits/Ilya-Krutskih/net-fealnx-fix-possible-card_idx-integer-overflow-in/20251212-013335
> base:   net-next/main
> patch link:    https://lore.kernel.org/r/20251211173035.852756-1-devsec%40tpz.ru
> patch subject: [PATCH v2] net: fealnx: fix possible 'card_idx' integer overflow in
> config: alpha-allyesconfig (https://download.01.org/0day-ci/archive/20251212/202512121907.n3Bzh2zF-lkp@intel.com/config)
> compiler: alpha-linux-gcc (GCC) 15.1.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251212/202512121907.n3Bzh2zF-lkp@intel.com/reproduce)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202512121907.n3Bzh2zF-lkp@intel.com/
> 
> All warnings (new ones prefixed by >>):
> 
>    drivers/net/ethernet/fealnx.c: In function 'fealnx_init_one':
> >> drivers/net/ethernet/fealnx.c:496:35: warning: '%d' directive writing between 1 and 11 bytes into a region of size 6 [-Wformat-overflow=]
>      496 |         sprintf(boardname, "fealnx%d", card_idx);
>          |                                   ^~
>    drivers/net/ethernet/fealnx.c:496:28: note: directive argument in the range [-2147483647, 2147483647]
>      496 |         sprintf(boardname, "fealnx%d", card_idx);
>          |                            ^~~~~~~~~~
>    drivers/net/ethernet/fealnx.c:496:9: note: 'sprintf' output between 8 and 18 bytes into a destination of size 12
>      496 |         sprintf(boardname, "fealnx%d", card_idx);
>          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Although I think these new warnings are not strictly for problems
introduced by this patch. They do make me wonder
if it would be best to cap card_index MAX_UNITS and
return an error if that limit is exceeded.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ