>> Hello Petr,
>
>Hello Kumagai-san,
>
>> >To quote the sprintf(3) man page:
>> >
>> >    Some programs imprudently rely on code such as the following
>> >
>> >        sprintf(buf, "%s some further text", buf);
>> >
>> >    to append text to buf. However, the standards explicitly note that
>> >    the results are undefined if source and destination buffers overlap
>> >    when calling sprintf(), snprintf(), vsprintf(), and vsnprintf().
>> >    Depending on the version of gcc(1) used, and the compiler options
>> >    employed, calls such as the above will not produce the expected results.
>> >
>> >The original code is actually miscompiled on openSUSE 13.1.
>> >
>> >It's also overkill to call sprintf() for something that can be done
>> >with a simple assignment.
>> >
>> >Signed-off-by: Petr Tesarik <ptesarik at suse.cz>
>>
>> Thanks, it seems good to me.
>>
>> Actually, Nick sent the same patch in last July and we tried to
>> take care of buffer overflow at the same time as below:
>>
>>   http://lists.infradead.org/pipermail/kexec/2013-August/009430.html
>>
>> However, this thread has been left open, so I was wondering if you
>> could take over this work. Of course you can decline this, then I'll
>> do it later as another patch.
>
>I don't mind taking over this work, but I don't think it's a good thing
>to combine the buffer overflow fix with the sprintf buffer overlap
>fix.
>
>What is the expected plan? Are you waiting for me to send a two-patch
>series now?

Yes, I agree with separating the two fixes.
Thanks for your help !


Atsushi Kumagai

>Petr Tesarik
>
>_______________________________________________
>kexec mailing list
>kexec at lists.infradead.org
>http://lists.infradead.org/mailman/listinfo/kexec
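
Added example, not code from this thread or from the patch under discussion: one way to append to a buffer without the overlapping sprintf(buf, "%s ...", buf) call quoted above, while also rejecting an append that would overflow. The helper name buf_appendf and the sample strings are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: append formatted text to the NUL-terminated string
 * in buf, whose total capacity is size bytes. Returns 0 on success and -1
 * if the result would not fit; on failure buf keeps its previous contents.
 */
static int buf_appendf(char *buf, size_t size, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', size);
    size_t used;
    va_list ap;
    int n;

    if (end == NULL)            /* no terminator inside the buffer */
        return -1;
    used = (size_t)(end - buf);

    /* The write starts at the existing terminator. The old contents are
     * not passed back in as a %s argument, so source and destination do
     * not overlap (callers must not pass buf itself as an argument). */
    va_start(ap, fmt);
    n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= size - used) {
        buf[used] = '\0';       /* drop the truncated append */
        return -1;
    }
    return 0;
}

int main(void)
{
    char msg[32] = "vmcore";    /* constructed sample data */

    if (buf_appendf(msg, sizeof(msg), " %s %d", "saved", 1) == 0)
        puts(msg);
    if (buf_appendf(msg, sizeof(msg), "%s",
                    " and a tail far too long to fit") != 0)
        puts("append rejected, buffer unchanged");
    return 0;
}
```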