On Mon, Aug 22, 2022 at 10:49:20AM -0600, Yu Zhao wrote:
> On Mon, Aug 22, 2022 at 5:22 AM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> >
> > Hello Yu Zhao,
> >
> > The patch e02f70ddcaca: "mm: multi-gen LRU: debugfs interface" from
> > Aug 15, 2022, leads to the following Smatch static checker warning:
> >
> > mm/vmscan.c:5706 lru_gen_seq_write()
> > warn: uncapped user index 'cur[end]'
> >
> > mm/vmscan.c
> > 5654 static ssize_t lru_gen_seq_write(struct file *file, const char __user *src,
> > 5655 size_t len, loff_t *pos)
>
> ...
>
> > 5704 n = sscanf(cur, "%c %u %u %lu %n %u %n %lu %n", &cmd, &memcg_id, &nid,
> > 5705 &seq, &end, &swappiness, &end, &opt, &end);
> > --> 5706 if (n < 4 || cur[end]) {
> > ^^^^^^^^
> > The static checker is correct that "end" comes from the user and it
> > can be any unsigned int.
>
> Thanks. No, %n is not a conversion -- sscanf() stores the number of
> chars consumed so far upon seeing it.
>
> What would be the recommended way to suppress this warning, if there is one?
Ah. Sorry!
I didn't realize %n can be in the middle like that so Smatch only looks
for %n at the end of the string. Easily fixed in Smatch.
regards,
dan carpenter
