+ lib-string_helpers-fix-potential-snprintf-output-truncation.patch added to mm-hotfixes-unstable branch

+ lib-string_helpers-fix-potential-snprintf-output-truncation.patch added to mm-hotfixes-unstable branch

[Andrew Morton]

The patch titled
     Subject: lib: string_helpers: fix potential snprintf() output truncation
has been added to the -mm mm-hotfixes-unstable branch.  Its filename is
     lib-string_helpers-fix-potential-snprintf-output-truncation.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/lib-string_helpers-fix-potential-snprintf-output-truncation.patch

This patch will later appear in the mm-hotfixes-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Subject: lib: string_helpers: fix potential snprintf() output truncation
Date: Mon, 21 Oct 2024 11:14:17 +0200

The output of ".%03u" with the unsigned int in range [0, 4294966295] may
get truncated if the target buffer is not 12 bytes.

Link: https://lkml.kernel.org/r/20241021091417.37796-1-brgl@bgdev.pl
Fixes: 3c9f3681d0b4 ("[SCSI] lib: add generic helper to print sizes rounded to the correct SI range")
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Kees Cook <kees@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/string_helpers.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/lib/string_helpers.c~lib-string_helpers-fix-potential-snprintf-output-truncation
+++ a/lib/string_helpers.c
@@ -57,7 +57,7 @@ int string_get_size(u64 size, u64 blk_si
 	static const unsigned int rounding[] = { 500, 50, 5 };
 	int i = 0, j;
 	u32 remainder = 0, sf_cap;
-	char tmp[8];
+	char tmp[12];
 	const char *unit;
 
 	tmp[0] = '\0';
_

Patches currently in -mm which might be from bartosz.golaszewski@linaro.org are

lib-string_helpers-fix-potential-snprintf-output-truncation.patch

Re: + lib-string_helpers-fix-potential-snprintf-output-truncation.patch added to mm-hotfixes-unstable branch

[James Bottomley]

On Wed, 2024-10-23 at 19:52 -0700, Andrew Morton wrote:
> 
> The patch titled
>      Subject: lib: string_helpers: fix potential snprintf() output
> truncation
> has been added to the -mm mm-hotfixes-unstable branch.  Its filename
> is
>      lib-string_helpers-fix-potential-snprintf-output-
> truncation.patch
> 
> This patch will shortly appear at
>     
> https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/lib-string_helpers-fix-potential-snprintf-output-truncation.patch
> 
> This patch will later appear in the mm-hotfixes-unstable branch at
>     git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
> 
> Before you just go and hit "reply", please:
>    a) Consider who else should be cc'ed
>    b) Prefer to cc a suitable mailing list as well
>    c) Ideally: find the original patch on the mailing list and do a
>       reply-to-all to that, adding suitable additional cc's
> 
> *** Remember to use Documentation/process/submit-checklist.rst when
> testing your code ***
> 
> The -mm tree is included into linux-next via the mm-everything
> branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
> and is updated there every 2-3 working days
> 
> ------------------------------------------------------
> From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
> Subject: lib: string_helpers: fix potential snprintf() output
> truncation
> Date: Mon, 21 Oct 2024 11:14:17 +0200
> 
> The output of ".%03u" with the unsigned int in range [0, 4294966295]
> may get truncated if the target buffer is not 12 bytes.

I think we all agree the explanation isn't accurate: remainder will be
between 0-999 (not range [0, 4294966295]) which means that the string
will only ever be 5 bytes (including leading zero).

This might be required to correct a compiler false warning, but if it
is applied, the patch description should say this.

James

Re: + lib-string_helpers-fix-potential-snprintf-output-truncation.patch added to mm-hotfixes-unstable branch

[Andrew Morton]

On Wed, 23 Oct 2024 23:08:46 -0400 James Bottomley <James.Bottomley@HansenPartnership.com> wrote:

> > The output of ".%03u" with the unsigned int in range [0, 4294966295]
> > may get truncated if the target buffer is not 12 bytes.
> 
> I think we all agree the explanation isn't accurate: remainder will be
> between 0-999 (not range [0, 4294966295]) which means that the string
> will only ever be 5 bytes (including leading zero).
> 
> This might be required to correct a compiler false warning, but if it
> is applied, the patch description should say this.
> 

Thanks, I've added a note-to-self that a new version is expected.