From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Steven Rostedt <rostedt@goodmis.org>,
Josh Law <objecting@objecting.org>,
Andrew Morton <akpm@linux-foundation.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 0/1] lib/vsnprintf: Limit the returning size to INT_MAX
Date: Wed, 18 Mar 2026 10:19:46 +0900
Message-ID: <177379678638.535490.18200744206158553364.stgit@devnote2>

Hi,

Recently we discussed snprintf() usage in bootconfig and found that the
snprintf() design has a problem [1]. It returns the required or printed size
as 'int', but the maxlen is passed as 'size_t'. If the maxlen is bigger than
INT_MAX (this should never happen), it cannot return the size correctly: the
value becomes negative or much shorter than what it has actually printed.

I think it should not be handled on the caller side; instead, vsnprintf()
should handle it. This is an extremely unlikely input, and if we need to
address it, I think we should keep the fix to a minimum (from a performance
point of view).

Thus I just limited the returned size to INT_MAX. If the caller sees that
*printf() returns INT_MAX, it can handle it as an error or use strlen()
to get the real printed size (but I don't recommend it).

IMHO, this input is basically impossible unless done intentionally,
so I think it's a form of over-engineering. Therefore, this is an
RFC patch.

One question is whether we should use WARN_ON() when the return size is over
INT_MAX. Currently this just returns INT_MAX (no warning) because this is
a library function, which can be called from anywhere.

[1] https://lore.kernel.org/all/20260317121507.30735331@gandalf.local.home/

Thank you,

---
Masami Hiramatsu (Google) (1):
      lib/vsprintf: Limit the returning size to INT_MAX

 drivers/firmware/efi/libstub/vsprintf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
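
The 'int' return versus 'size_t' length issue described in the cover letter, as an added user-space example (not code from the patch or the kernel). ret_unclamped(), ret_clamped() and append_checked() are hypothetical names, the sample length is constructed, and the wrapped values assume the usual two's-complement conversion.

```c
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* No clamp: a size_t length squeezed into 'int'. The out-of-range conversion
 * is implementation-defined; common compilers wrap it modulo 2^32. */
static int ret_unclamped(size_t required)
{
	return (int)required;
}

/* The behaviour proposed in the cover letter: saturate at INT_MAX. */
static int ret_clamped(size_t required)
{
	return required > (size_t)INT_MAX ? INT_MAX : (int)required;
}

/* Caller-side append that never adds a raw return value to an offset.
 * Returns 0 on success, -1 on error or truncation; *off moves only on success. */
static int append_checked(char *buf, size_t size, size_t *off, const char *fmt, ...)
{
	va_list ap;
	int ret;

	if (*off >= size)
		return -1;
	va_start(ap, fmt);
	ret = vsnprintf(buf + *off, size - *off, fmt, ap);
	va_end(ap);
	/* negative: error or wrapped length; INT_MAX: saturated, real size unknown */
	if (ret < 0 || ret == INT_MAX)
		return -1;
	if ((size_t)ret >= size - *off) {	/* output did not fit */
		buf[*off] = '\0';		/* drop the partial append */
		return -1;
	}
	*off += (size_t)ret;
	return 0;
}

int main(void)
{
	char b[8];
	size_t off = 0;
	size_t big = (size_t)INT_MAX + 1u;	/* constructed sample length */
	printf("unclamped=%d clamped=%d\n", ret_unclamped(big), ret_clamped(big));
	printf("append=%d off=%zu\n", append_checked(b, sizeof(b), &off, "%s", "abc"), off);
	return 0;
}
```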