From: Lee Jones <lee@kernel.org>
To: lee@kernel.org, gregkh@linuxfoundation.org
Cc: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
	Cristian Birsan <cristian.birsan@microchip.com>,
	Nicolas Ferre <nicolas.ferre@microchip.com>,
	Alexandre Belloni <alexandre.belloni@bootlin.com>,
	Claudiu Beznea <claudiu.beznea@tuxon.dev>,
	linux-arm-kernel@lists.infradead.org
Subject: [PATCH 07/12] usb: host: max3421-hcd: Replace snprintf() with the safer scnprintf() variant
Date: Wed, 13 Dec 2023 16:42:36 +0000
Message-ID: <20231213164246.1021885-8-lee@kernel.org>
In-Reply-To: <20231213164246.1021885-1-lee@kernel.org>

There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array.  However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it.  This misunderstanding has led to buffer-overruns
in the past.  It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases).  So let's
do that.

Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Cc: Cristian Birsan <cristian.birsan@microchip.com>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Claudiu Beznea <claudiu.beznea@tuxon.dev>
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Lee Jones <lee@kernel.org>
---
 drivers/usb/host/max3421-hcd.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/usb/host/max3421-hcd.c b/drivers/usb/host/max3421-hcd.c
index d152d72de1269..9fe4f48b18980 100644
--- a/drivers/usb/host/max3421-hcd.c
+++ b/drivers/usb/host/max3421-hcd.c
@@ -1158,12 +1158,12 @@ dump_eps(struct usb_hcd *hcd)
 		end = dp + sizeof(ubuf);
 		*dp = '\0';
 		list_for_each_entry(urb, &ep->urb_list, urb_list) {
-			ret = snprintf(dp, end - dp, " %p(%d.%s %d/%d)", urb,
-				       usb_pipetype(urb->pipe),
-				       usb_urb_dir_in(urb) ? "IN" : "OUT",
-				       urb->actual_length,
-				       urb->transfer_buffer_length);
-			if (ret < 0 || ret >= end - dp)
+			ret = scnprintf(dp, end - dp, " %p(%d.%s %d/%d)", urb,
+					usb_pipetype(urb->pipe),
+					usb_urb_dir_in(urb) ? "IN" : "OUT",
+					urb->actual_length,
+					urb->transfer_buffer_length);
+			if (ret == end - dp - 1)
 				break;	/* error or buffer full */
 			dp += ret;
 		}
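Review bot: The comment kept on the `break` in dump_eps() still reads "error or buffer full", but scnprintf() does not return a negative value, so only the buffer-full case is left; please change it to `/* buffer full */`. The new test `ret == end - dp - 1` is also true when the entry fits exactly, so it no longer distinguishes truncation from an exact fit, and the last URB entry in ubuf can still be a cut-off record as it was with the old check. That is acceptable for a debug dump, but the commit message should say that the condition changed meaning rather than only the function name.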
@@ -1255,9 +1255,9 @@ max3421_handle_irqs(struct usb_hcd *hcd)
 			end = sbuf + sizeof(sbuf);
 			*dp = '\0';
 			for (i = 0; i < 16; ++i) {
-				int ret = snprintf(dp, end - dp, " %lu",
-						   max3421_hcd->err_stat[i]);
-				if (ret < 0 || ret >= end - dp)
+				int ret = scnprintf(dp, end - dp, " %lu",
+						    max3421_hcd->err_stat[i]);
+				if (ret == end - dp - 1)
 					break;	/* error or buffer full */
 				dp += ret;
 			}
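Review bot: In the err_stat loop of max3421_handle_irqs() the test `ret == end - dp - 1` is no longer needed for memory safety: scnprintf() returns at most the remaining size minus one, so `dp += ret` cannot move past `end`, and once one byte is left every further call returns 0. With the loop bounded at 16 iterations, either drop the check and the `break`, or keep it as an early exit and reword the comment, since the "error" half of "error or buffer full" cannot happen any more.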
-- 
2.43.0.472.g3155946c3a-goog
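
The return-value difference the commit message describes, as an added userspace example (not part of the patch or of the kernel source). `demo_scnprintf()` is a hypothetical stand-in modelled on the kernel scnprintf() contract; the 16-byte buffer and the values are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace stand-in with the kernel scnprintf() contract:
 * returns the characters actually stored, excluding the trailing NUL. */
static int demo_scnprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;
	if (size == 0)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0;
	return (size_t)n < size ? n : (int)(size - 1);
}

/* Where an unchecked "dp += ret" ends up with snprintf(). Each call gets the
 * true remaining room (0 once exhausted), so the demo never overruns buf. */
static size_t cursor_snprintf(char *buf, size_t size, const unsigned long *v, int n)
{
	size_t off = 0;
	for (int i = 0; i < n; i++) {
		size_t room = off < size ? size - off : 0;
		int ret = snprintf(room ? buf + off : NULL, room, " %lu", v[i]);
		if (ret > 0)
			off += (size_t)ret;	/* counts bytes that were never stored */
	}
	return off;
}

/* Same loop with scnprintf() semantics: the cursor can never pass size - 1. */
static size_t cursor_scnprintf(char *buf, size_t size, const unsigned long *v, int n)
{
	size_t off = 0;
	for (int i = 0; i < n; i++)
		off += (size_t)demo_scnprintf(buf + off, size - off, " %lu", v[i]);
	return off;
}

int main(void)
{
	const unsigned long v[] = { 1000000, 2000000, 3000000, 4000000 }; /* constructed */
	char a[16], b[16];
	size_t s = cursor_snprintf(a, sizeof(a), v, 4), c = cursor_scnprintf(b, sizeof(b), v, 4);
	printf("snprintf cursor %zu, scnprintf cursor %zu (buffer %zu): \"%s\"\n", s, c, sizeof(b), b);
}
```
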

