| Message ID | 20201217180057.23786-1-rf@opensource.cirrus.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v3,1/4] lib: vsprintf: scanf: Negative number must have field width > 1 | expand |
On Thu 2020-12-17 18:00:54, Richard Fitzgerald wrote: > If a signed number field starts with a '-' the field width must be > 1, > or unlimited, to allow at least one digit after the '-'. > > This patch adds a check for this. If a signed field starts with '-' > and field_width == 1 the scanf will quit. > > It is ok for a signed number field to have a field width of 1 if it > starts with a digit. In that case the single digit can be converted. The change makes perfect sense. vsscanf() should always process only one character when the field width is 1. Well, it has a potential to break existing users that rely on the broken behavior. Fortunately, there seems be only one: drivers/net/wireless/intel/iwlegacy/3945-mac.c: if (sscanf(buf, "%1i", &ant) != 1) { It is used to set a device parameter: il3945_mod_params.antenna. There are three valid values: enum il3945_antenna { IL_ANTENNA_DIVERSITY, IL_ANTENNA_MAIN, IL_ANTENNA_AUX }; So, we should be on the safe side. Anyway, adding people from get_maintainer.pl drivers/net/wireless/intel/iwlegacy/3945-mac.c so that they are aware of this. > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> Reviewed-by: Petr Mladek <pmladek@suse.com> Best Regards, Petr > --- > lib/vsprintf.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index 14c9a6af1b23..8954ff94a53c 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -3433,8 +3433,12 @@ int vsscanf(const char *buf, const char *fmt, va_list args) > str = skip_spaces(str); > > digit = *str; > - if (is_sign && digit == '-') > + if (is_sign && digit == '-') { > + if (field_width == 1) > + break; > + > digit = *(str + 1); > + } > > if (!digit > || (base == 16 && !isxdigit(digit)) > -- > 2.20.1
Sigh, I have just realized that Andy and Rasmus, the other vsprintf maintainers and reviewers, were not in CC. I am sorry for not noticing this earlier. The patchset is ready for 5.12 from my POV. Best Regards, Petr On Thu 2020-12-17 18:00:54, Richard Fitzgerald wrote: > If a signed number field starts with a '-' the field width must be > 1, > or unlimited, to allow at least one digit after the '-'. > > This patch adds a check for this. If a signed field starts with '-' > and field_width == 1 the scanf will quit. > > It is ok for a signed number field to have a field width of 1 if it > starts with a digit. In that case the single digit can be converted. > > Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> > --- > lib/vsprintf.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index 14c9a6af1b23..8954ff94a53c 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -3433,8 +3433,12 @@ int vsscanf(const char *buf, const char *fmt, va_list args) > str = skip_spaces(str); > > digit = *str; > - if (is_sign && digit == '-') > + if (is_sign && digit == '-') { > + if (field_width == 1) > + break; > + > digit = *(str + 1); > + } > > if (!digit > || (base == 16 && !isxdigit(digit)) > -- > 2.20.1
On Mon, Jan 11, 2021 at 12:28 PM Petr Mladek <pmladek@suse.com> wrote: > > Sigh, I have just realized that Andy and Rasmus, the other > vsprintf maintainers and reviewers, were not in CC. > I am sorry for not noticing this earlier. > > The patchset is ready for 5.12 from my POV. Thanks, Petr! I have one question, do we have a test case for that? If not, I prefer defer until a test case will be provided.
On 11/01/2021 10:25, Petr Mladek wrote: > Sigh, I have just realized that Andy and Rasmus, the other > vsprintf maintainers and reviewers, were not in CC. Sorry, probably my fault. I sent to the maintainers and lists reported by get_maintainers.sh. I guess I missed that "reviewers" should also be directly mailed. > I am sorry for not noticing this earlier. > > The patchset is ready for 5.12 from my POV. > > Best Regards, > Petr > > On Thu 2020-12-17 18:00:54, Richard Fitzgerald wrote: >> If a signed number field starts with a '-' the field width must be > 1, >> or unlimited, to allow at least one digit after the '-'. >> >> This patch adds a check for this. If a signed field starts with '-' >> and field_width == 1 the scanf will quit. >> >> It is ok for a signed number field to have a field width of 1 if it >> starts with a digit. In that case the single digit can be converted. >> >> Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> >> --- >> lib/vsprintf.c | 6 +++++- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/lib/vsprintf.c b/lib/vsprintf.c >> index 14c9a6af1b23..8954ff94a53c 100644 >> --- a/lib/vsprintf.c >> +++ b/lib/vsprintf.c >> @@ -3433,8 +3433,12 @@ int vsscanf(const char *buf, const char *fmt, va_list args) >> str = skip_spaces(str); >> >> digit = *str; >> - if (is_sign && digit == '-') >> + if (is_sign && digit == '-') { >> + if (field_width == 1) >> + break; >> + >> digit = *(str + 1); >> + } >> >> if (!digit >> || (base == 16 && !isxdigit(digit)) >> -- >> 2.20.1
On 11/01/2021 10:36, Andy Shevchenko wrote: > On Mon, Jan 11, 2021 at 12:28 PM Petr Mladek <pmladek@suse.com> wrote: >> >> Sigh, I have just realized that Andy and Rasmus, the other >> vsprintf maintainers and reviewers, were not in CC. >> I am sorry for not noticing this earlier. >> >> The patchset is ready for 5.12 from my POV. > > Thanks, Petr! > > I have one question, do we have a test case for that? If not, I prefer > defer until a test case will be provided. > See patch 3, numbers_prefix_overflow()
On 11/01/2021 10:39, Richard Fitzgerald wrote: > On 11/01/2021 10:36, Andy Shevchenko wrote: >> On Mon, Jan 11, 2021 at 12:28 PM Petr Mladek <pmladek@suse.com> wrote: >>> >>> Sigh, I have just realized that Andy and Rasmus, the other >>> vsprintf maintainers and reviewers, were not in CC. >>> I am sorry for not noticing this earlier. >>> >>> The patchset is ready for 5.12 from my POV. >> >> Thanks, Petr! >> >> I have one question, do we have a test case for that? If not, I prefer >> defer until a test case will be provided. >> > > See patch 3, numbers_prefix_overflow() Sorry, I missed you off the original mailing so you won't have seen the other patches. Patch 3 with the test cases is here: https://lore.kernel.org/lkml/X%2FwnoJLEt0zQskDU@alley/T/#mf2ffba20126e438bea7af171bc78fdbebdb40027
On Mon, Jan 11, 2021 at 10:43:17AM +0000, Richard Fitzgerald wrote: > On 11/01/2021 10:39, Richard Fitzgerald wrote: > > On 11/01/2021 10:36, Andy Shevchenko wrote: > > > On Mon, Jan 11, 2021 at 12:28 PM Petr Mladek <pmladek@suse.com> wrote: > > > > > > > > Sigh, I have just realized that Andy and Rasmus, the other > > > > vsprintf maintainers and reviewers, were not in CC. > > > > I am sorry for not noticing this earlier. > > > > > > > > The patchset is ready for 5.12 from my POV. > > > > > > Thanks, Petr! > > > > > > I have one question, do we have a test case for that? If not, I prefer > > > defer until a test case will be provided. > > > > > > > See patch 3, numbers_prefix_overflow() > > Sorry, I missed you off the original mailing so you won't have > seen the other patches. > Patch 3 with the test cases is here: > https://lore.kernel.org/lkml/X%2FwnoJLEt0zQskDU@alley/T/#mf2ffba20126e438bea7af171bc78fdbebdb40027 Good, you did it! Couple of remarks: - free resources in the same function where you allocated them - use post increment where it doesn't matter (like total_test)
On Mon, Jan 11, 2021 at 10:37:59AM +0000, Richard Fitzgerald wrote: > On 11/01/2021 10:25, Petr Mladek wrote: > > Sigh, I have just realized that Andy and Rasmus, the other > > vsprintf maintainers and reviewers, were not in CC. > > Sorry, probably my fault. I sent to the maintainers and lists reported > by get_maintainers.sh. I guess I missed that "reviewers" should also > be directly mailed. I usually use the following (not 100% guarantee, but quite close): scripts/get_maintainer.pl --git --git-min-percent=67
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 14c9a6af1b23..8954ff94a53c 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -3433,8 +3433,12 @@ int vsscanf(const char *buf, const char *fmt, va_list args) str = skip_spaces(str); digit = *str; - if (is_sign && digit == '-') + if (is_sign && digit == '-') { + if (field_width == 1) + break; + digit = *(str + 1); + } if (!digit || (base == 16 && !isxdigit(digit))
If a signed number field starts with a '-' the field width must be > 1, or unlimited, to allow at least one digit after the '-'. This patch adds a check for this. If a signed field starts with '-' and field_width == 1 the scanf will quit. It is ok for a signed number field to have a field width of 1 if it starts with a digit. In that case the single digit can be converted. Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> --- lib/vsprintf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)