On Fri, 2010-07-23 at 12:04 +0200, Dan Carpenter wrote: > This is a smatch thing. I suppose someday I will fix smatch to > evaulate the strings themselves and verify that the buffer is large > enough. But for now it's nice to be able to automatically check that > the buffers don't overflow. There are also many repeated uses of snprintf in kernel sources that could similarly be a problem. bar += snprintf(foo + bar, ...) bar += snprintf(foo + bar, ...) or foo += snprintf(foo, ...) foo += snprintf(foo, ...) For instance: $ grep -P -n -A 4 -m 3 "\+=\s*snprintf" drivers/net/wireless/ath/ath5k/debug.c 210: len += snprintf(buf+len, sizeof(buf)-len, 211- "%-24s0x%08x\tintval: %d\tTIM: 0x%x\n", 212- "AR5K_BEACON", v, v & AR5K_BEACON_PERIOD, 213- (v & AR5K_BEACON_TIM) >> AR5K_BEACON_TIM_S); 214- 215: len += snprintf(buf+len, sizeof(buf)-len, "%-24s0x%08x\n", 216- "AR5K_LAST_TSTP", ath5k_hw_reg_read(sc->ah, AR5K_LAST_TSTP)); 217- 218: len += snprintf(buf+len, sizeof(buf)-len, "%-24s0x%08x\n\n", 219- "AR5K_BEACON_CNT", ath5k_hw_reg_read(sc->ah, AR5K_BEACON_CNT)); 220- A conversion from snprintf to scnprintf might be appropriate for those patterns. -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html