From: David Laight <david.laight.linux@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
Petr Mladek <pmladek@suse.com>,
Steven Rostedt <rostedt@goodmis.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 0/2] lib/vsprintf: Fixes size check
Date: Wed, 25 Mar 2026 10:20:39 +0000 [thread overview]
Message-ID: <20260325102039.79afa79a@pumpkin> (raw)
In-Reply-To: <20260324220458.3ca2bfeb393eedb5cc7ff52d@linux-foundation.org>
On Tue, 24 Mar 2026 22:04:58 -0700
Andrew Morton <akpm@linux-foundation.org> wrote:
> On Wed, 25 Mar 2026 11:25:06 +0900 "Masami Hiramatsu (Google)" <mhiramat@kernel.org> wrote:
>
> > Here is the 4th version of patches to fix vsnprintf().
> >
> > - Fix to limit the size of width and precision.
> > - Warn if the return size is over INT_MAX.
> >
> > Previous version is here;
> >
> > https://lore.kernel.org/all/177410406326.38798.16853803119128725972.stgit@devnote2/
> >
> > In this version, do clamp() the width and precision before checking it and
> > accept negative precision[1/3] and add Petr's Reviewed-by[2/2].
>
> AI review has flagged a couple of possible issues:
> https://sashiko.dev/#/patchset/177440550682.147866.1854734911195480940.stgit@devnote2
I'd guess there are exactly 0 places where a negative precision is passed
to "%.*s" - if there were any someone would have complained about the
output being missing.
Checking all 759 cases grep -r '".*%.*\.%*s.*"' found will be tedious.
But pretty much all are 'namelen'.
In any case worst thing should be a panic if the code hits an invalid
address before finding a '\0' byte - probably unlikely anyway.
I'd fix it, but try to stop it being backported.
David
next prev parent reply other threads:[~2026-03-25 10:20 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-25 2:25 [PATCH v4 0/2] lib/vsprintf: Fixes size check Masami Hiramatsu (Google)
2026-03-25 2:25 ` [PATCH v4 1/2] lib/vsprintf: Fix to check field_width and precision Masami Hiramatsu (Google)
2026-03-25 10:00 ` David Laight
2026-03-25 10:22 ` Petr Mladek
2026-03-25 11:29 ` David Laight
2026-03-25 15:10 ` David Laight
2026-03-25 13:30 ` Masami Hiramatsu
2026-03-25 13:27 ` Masami Hiramatsu
2026-03-25 2:25 ` [PATCH v4 2/2] lib/vsprintf: Limit the returning size to INT_MAX Masami Hiramatsu (Google)
2026-03-25 5:04 ` [PATCH v4 0/2] lib/vsprintf: Fixes size check Andrew Morton
2026-03-25 5:41 ` Masami Hiramatsu
2026-03-25 10:20 ` David Laight [this message]
2026-03-26 7:39 ` Masami Hiramatsu
2026-03-26 9:12 ` David Laight
2026-03-27 7:28 ` Masami Hiramatsu
2026-03-27 10:12 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260325102039.79afa79a@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mhiramat@kernel.org \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=senozhatsky@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.