Re: [PATCH 5/7] bcache: Use scnprintf() for avoiding potential buffer overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 23 Mar 2020 08:04:39 +0100,
Hannes Reinecke wrote:
> 
> On 3/22/20 7:03 AM, Coly Li wrote:
> > From: Takashi Iwai <tiwai@xxxxxxx>
> >
> > Since snprintf() returns the would-be-output size instead of the
> > actual output size, the succeeding calls may go beyond the given
> > buffer limit.  Fix it by replacing with scnprintf().
> >
> > Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
> > Signed-off-by: Coly Li <colyli@xxxxxxx>
> > ---
> >   drivers/md/bcache/sysfs.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
> > index 3470fae4eabc..323276994aab 100644
> > --- a/drivers/md/bcache/sysfs.c
> > +++ b/drivers/md/bcache/sysfs.c
> > @@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf,
> >   	size_t i;
> >     	for (i = 0; list[i]; i++)
> > -		out += snprintf(out, buf + size - out,
> > +		out += scnprintf(out, buf + size - out,
> >   				i == selected ? "[%s] " : "%s ", list[i]);
> >     	out[-1] = '\n';
> >
> Well, if you already consider a possible overflow here, why don't you
> abort the loop once 'out == buf + size' ?

Sure, feel free to optimize.  But no need to mix two things into a
single patch :)


thanks,

Takashi



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux ARM Kernel]     [Linux Filesystem Development]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux