| Message ID | 20230117161031.15499-1-pmladek@suse.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | d551afc25878924991a4c65299dfa83df1cb9ef8 |
| Headers | show |
| Series | printk: Use scnprintf() to print the message about the dropped messages on a console | expand |
On 2023-01-17, Petr Mladek <pmladek@suse.com> wrote: > Reported-by: coverity-bot <keescook+coverity-bot@chromium.org> > Addresses-Coverity-ID: 1530570 ("Memory - corruptions") > Fixes: c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages") > Link: https://lore.kernel.org/r/202301131544.D9E804CCD@keescook > Signed-off-by: Petr Mladek <pmladek@suse.com> Reviewed-by: John Ogness <john.ogness@linutronix.de>
On (23/01/17 22:54), John Ogness wrote: > On 2023-01-17, Petr Mladek <pmladek@suse.com> wrote: > > Reported-by: coverity-bot <keescook+coverity-bot@chromium.org> > > Addresses-Coverity-ID: 1530570 ("Memory - corruptions") > > Fixes: c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages") > > Link: https://lore.kernel.org/r/202301131544.D9E804CCD@keescook > > Signed-off-by: Petr Mladek <pmladek@suse.com> > > Reviewed-by: John Ogness <john.ogness@linutronix.de> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
On Tue 2023-01-17 17:10:31, Petr Mladek wrote: > Use scnprintf() for printing the message about dropped messages on > a console. It returns the really written length of the message. > It prevents potential buffer overflow when the returned length is > later used to copy the buffer content. > > Note that the previous code was safe because the scratch buffer was > big enough and the message always fit in. But scnprintf() makes > it more safe, definitely. > > Reported-by: coverity-bot <keescook+coverity-bot@chromium.org> > Addresses-Coverity-ID: 1530570 ("Memory - corruptions") > Fixes: c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages") > Link: https://lore.kernel.org/r/202301131544.D9E804CCD@keescook > Signed-off-by: Petr Mladek <pmladek@suse.com> JFYI, the patch has been comitted into printk/linux.git, branch rework/buffers-cleanup. Best Regards, Petr
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index 55338bfd3b55..a9b7dade0d2e 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -2716,7 +2716,7 @@ static void console_prepend_dropped(struct printk_message *pmsg, unsigned long d char *outbuf = &pbufs->outbuf[0]; size_t len; - len = snprintf(scratchbuf, scratchbuf_sz, + len = scnprintf(scratchbuf, scratchbuf_sz, "** %lu printk messages dropped **\n", dropped); /*
Use scnprintf() for printing the message about dropped messages on a console. It returns the really written length of the message. It prevents potential buffer overflow when the returned length is later used to copy the buffer content. Note that the previous code was safe because the scratch buffer was big enough and the message always fit in. But scnprintf() makes it more safe, definitely. Reported-by: coverity-bot <keescook+coverity-bot@chromium.org> Addresses-Coverity-ID: 1530570 ("Memory - corruptions") Fixes: c4fcc617e148 ("printk: introduce console_prepend_dropped() for dropped messages") Link: https://lore.kernel.org/r/202301131544.D9E804CCD@keescook Signed-off-by: Petr Mladek <pmladek@suse.com> --- kernel/printk/printk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)