Hello! This is an experimental semi-automated report about issues detected by Coverity from a scan of next-20230113 as part of the linux-next scan project: https://scan.coverity.com/projects/linux-next-weekly-scan You're getting this email because you were associated with the identified lines of code (noted below) that were touched by commits: Wed Jan 11 15:35:11 2023 +0100 c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages") Coverity reported the following: *** CID 1530570: Memory - corruptions (OVERRUN) kernel/printk/printk.c:2738 in console_prepend_dropped() 2732 /* Truncate the message, but keep it terminated. */ 2733 pmsg->outbuf_len = outbuf_sz - (len + 1); 2734 outbuf[pmsg->outbuf_len] = 0; 2735 } 2736 2737 memmove(outbuf + len, outbuf, pmsg->outbuf_len + 1); vvv CID 1530570: Memory - corruptions (OVERRUN) vvv Overrunning buffer pointed to by "scratchbuf" of 1024 bytes by passing it to a function which accesses it at byte offset 1998 using argument "len" (which evaluates to 1999). [Note: The source code implementation of the function has been overridden by a builtin model.] 2738 memcpy(outbuf, scratchbuf, len); 2739 pmsg->outbuf_len += len; 2740 } 2741 #else 2742 #define console_prepend_dropped(pmsg, dropped) 2743 #endif /* CONFIG_PRINTK */ If this is a false positive, please let us know so we can mark it as such, or teach the Coverity rules to be smarter. If not, please make sure fixes get into linux-next. :) For patches fixing this, please include these lines (but double-check the "Fixes" first): Reported-by: coverity-bot <keescook+coverity-bot@xxxxxxxxxxxx> Addresses-Coverity-ID: 1530570 ("Memory - corruptions") Fixes: c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages") Thanks for your attention! Human notes from Kees: I'm not sure how it got 1998, but I do see that snprintf() should probably be scnprintf(), otherwise "len" might be a lie (i.e. it'll hold what it WANTED to write, rather than what it actually wrote). -- Coverity-bot
