From: Jakub Kicinski <kuba@kernel.org>
To: Ivan Vecera <ivecera@redhat.com>
Cc: netdev@vger.kernel.org, Jiri Pirko <jiri@resnulli.us>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
Prathosh Satish <Prathosh.Satish@microchip.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
Michal Schmidt <mschmidt@redhat.com>,
Petr Oros <poros@redhat.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>
Subject: Re: [PATCH net-next v3 3/5] dpll: zl3073x: Add firmware loading functionality
Date: Fri, 29 Aug 2025 16:52:18 -0700 [thread overview]
Message-ID: <20250829165218.4d597b8b@kernel.org> (raw)
In-Reply-To: <94247dbc-4be8-4464-ad3e-5b81bba5f70b@redhat.com>
On Fri, 29 Aug 2025 12:39:30 +0200 Ivan Vecera wrote:
> >> + strscpy(buf, *psrc, min(sizeof(buf), *psize));
> >> + rc = sscanf(buf, "%15s %u %n", name, &count, &pos);
> >> + if (!rc) {
> >> + /* No more data */
> >> + return 0;
> >> + } else if (rc == 1) {
> >> + ZL3073X_FW_ERR_MSG(zldev, extack, "invalid component size");
> >> + return -EINVAL;
> >> + }
> >> + *psrc += pos;
> >> + *psize -= pos;
> >
> > what if pos > *psize ? I think the parsing needs more care.
>
> This should not happen. strscpy copies min(32, *psize) from the source
> to buf and sscanf parses buf and fills pos by index from the buf.
> The pos cannot be greater than *psize...or did I miss something?
Glancing at it now, I think I was concerned that *psize will go
negative / wrap. So potentially leading to over-read of psrc,
rather than overflow of buf. But I could well be wrong..
next prev parent reply other threads:[~2025-08-29 23:52 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-13 17:44 [PATCH net-next v3 0/5] dpll: zl3073x: Add support for devlink flash Ivan Vecera
2025-08-13 17:44 ` [PATCH net-next v3 1/5] dpll: zl3073x: Add functions to access hardware registers Ivan Vecera
2025-08-13 17:44 ` [PATCH net-next v3 2/5] dpll: zl3073x: Add low-level flash functions Ivan Vecera
2025-08-13 17:44 ` [PATCH net-next v3 3/5] dpll: zl3073x: Add firmware loading functionality Ivan Vecera
2025-08-19 2:22 ` Jakub Kicinski
2025-08-29 10:39 ` Ivan Vecera
2025-08-29 23:52 ` Jakub Kicinski [this message]
2025-08-13 17:44 ` [PATCH net-next v3 4/5] dpll: zl3073x: Refactor DPLL initialization Ivan Vecera
2025-08-13 17:44 ` [PATCH net-next v3 5/5] dpll: zl3073x: Implement devlink flash callback Ivan Vecera
2025-08-19 2:29 ` Jakub Kicinski
2025-08-29 14:49 ` Ivan Vecera
2025-08-29 23:56 ` Jakub Kicinski
2025-09-01 16:34 ` Ivan Vecera
2025-09-01 17:05 ` Jakub Kicinski
2025-08-14 9:30 ` [PATCH net-next v3 0/5] dpll: zl3073x: Add support for devlink flash Przemek Kitszel
-- strict thread matches above, loose matches on Subject: below --
2025-08-20 2:24 [PATCH net-next v3 3/5] dpll: zl3073x: Add firmware loading functionality kernel test robot
2025-08-20 6:40 ` Dan Carpenter
2025-08-29 10:31 ` Ivan Vecera
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250829165218.4d597b8b@kernel.org \
--to=kuba@kernel.org \
--cc=Prathosh.Satish@microchip.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=ivecera@redhat.com \
--cc=jiri@resnulli.us \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mschmidt@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=poros@redhat.com \
--cc=przemyslaw.kitszel@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.