From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 742E33976B8
	for <linux-kernel@vger.kernel.org>; Thu, 26 Mar 2026 11:51:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774525899; cv=none; b=b6jfpvaPkZmsFmmrlJkHDJqxzdq9l6DrzTv0Nt0ltx/l6KKzGyazQb8IrhO45/q6r95oB/c2UEbqk7/1KXCFwzQryiRWA8gMC50h//5ShWeKviywW/347jGwBVTjXFj8m6W+tS5I6fJpSSNcz7YUTa/LWH3rDuHmhDZ98mGK830=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774525899; c=relaxed/simple;
	bh=tgagXUiJ0JTE5B4gNDXWSn8h/NL6RUlRiQ7pnZ/xiGc=;
	h=Date:From:To:Cc:Subject:Message-Id:In-Reply-To:References:
	 Mime-Version:Content-Type; b=L4bQ7Pa1m6FtbOgMTaXjLcLACv0WHsAlPq0w6KmuFd56N2fT4in+O5ODbHcbWmzcPki+WTt5HPQ4PyYjDSzlzKAkUR6/fEzJp27PvROF37vS0pohLulF6XXNR6HrdyPl48MdOVpd9dvdaP5HRce/t7nZmZn8J6hU/nBo6vMF7LQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=VYZtZom+; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="VYZtZom+"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B607C19423;
	Thu, 26 Mar 2026 11:51:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1774525899;
	bh=tgagXUiJ0JTE5B4gNDXWSn8h/NL6RUlRiQ7pnZ/xiGc=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=VYZtZom+oSrxFATGHEYRDb/vQzsKTrtdlHtUulXJhnOFo7ANEVFew21LS5dTRw1f9
	 mFJOqMvHoYTExjy/G/H73s4zU8xL1AJiFsSdHBM+McsE9F17ygoYyi58bBCE3hAJcM
	 JqMbgb5kKSx80aKOjFyBG2Ptn4kz1137fIz44DGky0mRPlIsVty7s9hv5wTliBb1CC
	 YZdD4r1gnYCuGaDZOB9L1FVO+bVs92Pd+6ZSK9RyW/9AIrM0P/Cit0O6oWMeX5xdQf
	 CH2GNSolspqayXOP+9eZ8exDF/FYuM23VEKBFQOJGmtKZ5Mj+gRoJ1+/XaifOHDF2S
	 +R5Eu3ZrEbS5A==
Date: Thu, 26 Mar 2026 20:51:35 +0900
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Petr Mladek <pmladek@suse.com>, Steven Rostedt <rostedt@goodmis.org>,
 Rasmus Villemoes <linux@rasmusvillemoes.dk>, Sergey Senozhatsky
 <senozhatsky@chromium.org>, Andrew Morton <akpm@linux-foundation.org>,
 David Laight <david.laight.linux@gmail.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 0/2] lib/vsprintf: Fixes size check
Message-Id: <20260326205135.5d183aa2eb8d28e8dc5d8320@kernel.org>
In-Reply-To: <acUCU8ybll5jMP7e@ashevche-desk.local>
References: <177444525139.185641.12184379647176430297.stgit@devnote2>
	<20260325224158.d5366b99fd0a1eb54ce5e19b@kernel.org>
	<acUCU8ybll5jMP7e@ashevche-desk.local>
X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Thu, 26 Mar 2026 11:54:27 +0200
Andy Shevchenko <andriy.shevchenko@linux.intel.com> wrote:

> On Wed, Mar 25, 2026 at 10:41:58PM +0900, Masami Hiramatsu wrote:
> > On Wed, 25 Mar 2026 22:27:31 +0900
> > "Masami Hiramatsu (Google)" <mhiramat@kernel.org> wrote:
> > 
> > > Hi,
> > > 
> > > Here is the 5th version of patches to fix vsnprintf().
> > > 
> > >  - Fix to limit the size of width and precision.
> > >  - Warn if the return size is over INT_MAX.
> > > 
> > > Previous version is here;
> > > 
> > > https://lore.kernel.org/all/177440550682.147866.1854734911195480940.stgit@devnote2/
> > > 
> > > In this version, negative precision is treated as zero to match the
> > > previous behavior and check the field/precision passed as string
> > > literals too[1/2]. Also, update bstr_printf() not to return negative
> > > value[2/2].
> 
> > BTW, skip_atoi() is used for converting precision and width,
> > but this does not check the overflow. This is expected to be
> > checked by compiler (-Wformat-overflow) but it checks the
> > width <= INT_MAX, but precision <= LONG_MAX (why?) and clang
> > does not check precision.
> > 
> > To avoid this issue, below fix is needed, but I'm not sure
> > this is meaningful check, because with [1/2] change, the
> > return value is limited anyway, and it's easy to check
> > during the review process if an obviously abnormal
> > precision value is passed in the format string.
> 
> > diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> 
> I you event want to do that, it should use macros from overflow.h,
> also see how kstrto*() and memparse() perform such checks. Also
> this may slow down the conversion.

Agreed, I don't want to push it. Since this overflow currently
only happens on precision and only by string literals, I think
it is better to be checked by review process.

Thank you,

> 
> -- 
> With Best Regards,
> Andy Shevchenko
> 
> 


-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>