| Message ID | 20200322060305.70637-6-colyli@suse.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | bcache patches for Linux v5.7-rc1 | expand |
On 3/22/20 7:03 AM, Coly Li wrote: > From: Takashi Iwai <tiwai@suse.de> > > Since snprintf() returns the would-be-output size instead of the > actual output size, the succeeding calls may go beyond the given > buffer limit. Fix it by replacing with scnprintf(). > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > Signed-off-by: Coly Li <colyli@suse.de> > --- > drivers/md/bcache/sysfs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c > index 3470fae4eabc..323276994aab 100644 > --- a/drivers/md/bcache/sysfs.c > +++ b/drivers/md/bcache/sysfs.c > @@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf, > size_t i; > > for (i = 0; list[i]; i++) > - out += snprintf(out, buf + size - out, > + out += scnprintf(out, buf + size - out, > i == selected ? "[%s] " : "%s ", list[i]); > > out[-1] = '\n'; > Well, if you already consider a possible overflow here, why don't you abort the loop once 'out == buf + size' ? Cheers, Hannes
On Mon, 23 Mar 2020 08:04:39 +0100, Hannes Reinecke wrote: > > On 3/22/20 7:03 AM, Coly Li wrote: > > From: Takashi Iwai <tiwai@suse.de> > > > > Since snprintf() returns the would-be-output size instead of the > > actual output size, the succeeding calls may go beyond the given > > buffer limit. Fix it by replacing with scnprintf(). > > > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > > Signed-off-by: Coly Li <colyli@suse.de> > > --- > > drivers/md/bcache/sysfs.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c > > index 3470fae4eabc..323276994aab 100644 > > --- a/drivers/md/bcache/sysfs.c > > +++ b/drivers/md/bcache/sysfs.c > > @@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf, > > size_t i; > > for (i = 0; list[i]; i++) > > - out += snprintf(out, buf + size - out, > > + out += scnprintf(out, buf + size - out, > > i == selected ? "[%s] " : "%s ", list[i]); > > out[-1] = '\n'; > > > Well, if you already consider a possible overflow here, why don't you > abort the loop once 'out == buf + size' ? Sure, feel free to optimize. But no need to mix two things into a single patch :) thanks, Takashi
diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index 3470fae4eabc..323276994aab 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -154,7 +154,7 @@ static ssize_t bch_snprint_string_list(char *buf, size_t i; for (i = 0; list[i]; i++) - out += snprintf(out, buf + size - out, + out += scnprintf(out, buf + size - out, i == selected ? "[%s] " : "%s ", list[i]); out[-1] = '\n';