* [PATCH] vsprintf.c cleanups
@ 2005-02-24 23:16 Brian Gerst
  2005-02-25  0:59 ` Horst von Brand
  0 siblings, 1 reply; 6+ messages in thread
From: Brian Gerst @ 2005-02-24 23:16 UTC (permalink / raw)
  To: Andrew Morton; +Cc: lkml

[-- Attachment #1: Type: text/plain, Size: 207 bytes --]

- Make sprintf call vsnprintf directly
- use INT_MAX for sprintf and vsprintf

Signed-off-by: Brian Gerst <bgerst@didntduck.org>

  vsprintf.c |    4 ++--
  1 files changed, 2 insertions(+), 2 deletions(-)


[-- Attachment #2: vsprintf.diff --]
[-- Type: text/plain, Size: 555 bytes --]

diff -urN linux-2.6.11-rc5/lib/vsprintf.c linux/lib/vsprintf.c
--- linux-2.6.11-rc5/lib/vsprintf.c	2004-08-24 08:43:15.000000000 -0400
+++ linux/lib/vsprintf.c	2005-02-24 17:59:28.000000000 -0500
@@ -580,7 +580,7 @@
  */
 int vsprintf(char *buf, const char *fmt, va_list args)
 {
-	return vsnprintf(buf, (~0U)>>1, fmt, args);
+	return vsnprintf(buf, INT_MAX, fmt, args);
 }
 
 EXPORT_SYMBOL(vsprintf);
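Review bot: INT_MAX as the size argument in vsprintf() still places no real bound on buf, and the comment block ending at the `*/` context line is left untouched. If that comment does not already say so, note there that the value is a "no limit" sentinel and that callers needing a bound should use vsnprintf() with the real buffer size. The diffstat shows 2 insertions and no added #include, so please confirm INT_MAX is already visible in lib/vsprintf.c.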
@@ -601,7 +601,7 @@
 	int i;
 
 	va_start(args, fmt);
-	i=vsprintf(buf,fmt,args);
+	i=vsnprintf(buf, INT_MAX, fmt, args);
 	va_end(args);
 	return i;
 }
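Review bot: sprintf() now passes INT_MAX to vsnprintf() itself, so the "no limit" sentinel is spelled out in two functions instead of one. Either keep `i=vsprintf(buf,fmt,args);` so the sentinel lives only in vsprintf(), or state in the changelog what the direct call gains. Style: the new line has no spaces around `=` while its arguments are spaced; since the line is being touched, write `i = vsnprintf(buf, INT_MAX, fmt, args);`.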


* Re: [PATCH] vsprintf.c cleanups
  2005-02-24 23:16 [PATCH] vsprintf.c cleanups Brian Gerst
@ 2005-02-25  0:59 ` Horst von Brand
  2005-02-25 12:28   ` Brian Gerst
  0 siblings, 1 reply; 6+ messages in thread
From: Horst von Brand @ 2005-02-25  0:59 UTC (permalink / raw)
  To: Brian Gerst; +Cc: Andrew Morton, lkml

Brian Gerst <bgerst@didntduck.org> said:
> - Make sprintf call vsnprintf directly
> - use INT_MAX for sprintf and vsprintf

This is the size limit on what is written. 4GiB sounds a bit extreme...
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513


* Re: [PATCH] vsprintf.c cleanups
  2005-02-25  0:59 ` Horst von Brand
@ 2005-02-25 12:28   ` Brian Gerst
  2005-02-25 12:34     ` Arjan van de Ven
  2005-02-25 13:37     ` Horst von Brand
  0 siblings, 2 replies; 6+ messages in thread
From: Brian Gerst @ 2005-02-25 12:28 UTC (permalink / raw)
  To: Horst von Brand; +Cc: Andrew Morton, lkml

Horst von Brand wrote:
> Brian Gerst <bgerst@didntduck.org> said:
> 
>>- Make sprintf call vsnprintf directly
>>- use INT_MAX for sprintf and vsprintf
> 
> 
> This is the size limit on what is written. 4GiB sounds a bit extreme...

Sprintf has no limit, which is why it's generally bad to use it.  I just 
replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.

--
				Brian Gerst


* Re: [PATCH] vsprintf.c cleanups
  2005-02-25 12:28   ` Brian Gerst
@ 2005-02-25 12:34     ` Arjan van de Ven
  2005-02-25 13:37     ` Horst von Brand
  1 sibling, 0 replies; 6+ messages in thread
From: Arjan van de Ven @ 2005-02-25 12:34 UTC (permalink / raw)
  To: Brian Gerst; +Cc: Horst von Brand, Andrew Morton, lkml

On Fri, 2005-02-25 at 07:28 -0500, Brian Gerst wrote:
> Horst von Brand wrote:
> > Brian Gerst <bgerst@didntduck.org> said:
> > 
> >>- Make sprintf call vsnprintf directly
> >>- use INT_MAX for sprintf and vsprintf
> > 
> > 
> > This is the size limit on what is written. 4GiB sounds a bit extreme...
> 
> Sprintf has no limit, which is why it's generally bad to use it.  I just 
> replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.

I can see the point of using PAGE_SIZE instead; and if someone really
wants more than that, he/she should use snprintf with a specified
size....





* Re: [PATCH] vsprintf.c cleanups
  2005-02-25 12:28   ` Brian Gerst
  2005-02-25 12:34     ` Arjan van de Ven
@ 2005-02-25 13:37     ` Horst von Brand
  2005-02-27  8:12       ` Geert Uytterhoeven
  1 sibling, 1 reply; 6+ messages in thread
From: Horst von Brand @ 2005-02-25 13:37 UTC (permalink / raw)
  To: Brian Gerst; +Cc: Andrew Morton, lkml

Brian Gerst <bgerst@didntduck.org> said:
> Horst von Brand wrote:
> > Brian Gerst <bgerst@didntduck.org> said:
> > 
> >>- Make sprintf call vsnprintf directly
> >>- use INT_MAX for sprintf and vsprintf

> > This is the size limit on what is written. 4GiB sounds a bit extreme...

> Sprintf has no limit, which is why it's generally bad to use it.  I just 
> replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.

Which is the same as "no limit" in my book. Either you know a limit (in
which case vsprintf() is OK) or you don't (in which case vsnprintf() is
just obfuscation).
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513


* Re: [PATCH] vsprintf.c cleanups
  2005-02-25 13:37     ` Horst von Brand
@ 2005-02-27  8:12       ` Geert Uytterhoeven
  0 siblings, 0 replies; 6+ messages in thread
From: Geert Uytterhoeven @ 2005-02-27  8:12 UTC (permalink / raw)
  To: Horst von Brand; +Cc: Brian Gerst, Andrew Morton, lkml

On Fri, 25 Feb 2005, Horst von Brand wrote:
> Brian Gerst <bgerst@didntduck.org> said:
> > Horst von Brand wrote:
> > > Brian Gerst <bgerst@didntduck.org> said:
> > > 
> > >>- Make sprintf call vsnprintf directly
> > >>- use INT_MAX for sprintf and vsprintf
> 
> > > This is the size limit on what is written. 4GiB sounds a bit extreme...
> 
> > Sprintf has no limit, which is why it's generally bad to use it.  I just 
> > replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.
> 
> Which is the same as "no limit" in my book. Either you know a limit (in
> which case vsprintf() is OK) or you don't (in which case vsnprintf() is
> just obfuscation).

Indeed. So the only place that is allowed to pass the `no limit' value to
snprintf() is in the sprintf() wrapper that calls snprintf().

Calls to sprintf() must not be converted to snprintf(..., `no limit', ...), so
it's easier to find them when doing buffer overflow audits.

Gr{oetje,eeting}s,

						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
							    -- Linus Torvalds
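
The audit concern raised in the thread, as an added example that is not part of any message above and is not kernel code: a small scanner that reports sprintf()/vsprintf() calls and also snprintf()/vsnprintf() calls whose size argument is a "no limit" value. The function names `split_args` and `audit` and the sample source are constructed for illustration; the two sentinel spellings are the ones in the patch.

```python
import re

CALL = re.compile(r"\b(v?sn?printf)\s*\(")
# Size arguments that mean "no limit": the two spellings in the thread's patch.
NO_LIMIT = re.compile(r"INT_MAX|\(?\s*\(\s*~\s*0U\s*\)\s*>>\s*1\s*\)?")

def split_args(text, i):
    """Return the arguments of a call; i is the index just past its '('."""
    args, cur, depth, quote = [], [], 0, None
    while i < len(text):
        ch = text[i]
        if quote:                       # inside a string or char literal
            if ch == "\\":              # keep an escape with its backslash
                cur.append(text[i:i + 2]); i += 2; continue
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:              # closing paren of the call itself
                return args + ["".join(cur).strip()]
            depth -= 1
        elif ch == "," and depth == 0:  # top-level argument separator
            args.append("".join(cur).strip()); cur = []; i += 1; continue
        cur.append(ch); i += 1
    return args                         # unterminated call: partial result

def audit(source):
    """Textual scan (comments and strings are not skipped) for unbounded calls."""
    findings = []
    for m in CALL.finditer(source):
        name, line = m.group(1), source.count("\n", 0, m.start()) + 1
        args = split_args(source, m.end())
        if name in ("sprintf", "vsprintf"):
            findings.append((line, name, "unbounded"))
        elif len(args) > 1 and NO_LIMIT.fullmatch(args[1]):
            findings.append((line, name, "no-limit size"))
    return findings

# Constructed sample input, not taken from the kernel tree.
SAMPLE = r'''
sprintf(buf, "dev=%s, id=%d\n", name, 3);
snprintf(buf, INT_MAX, "%s", name);
vsnprintf(buf, (~0U)>>1, "%s", ap);
snprintf(buf, len, "f(%d, %d)", 1, 2);
'''
print(audit(SAMPLE))
```

The last sample line is not reported because its size argument is a real length; the scan also matches function definitions, so the wrapper definitions in lib/vsprintf.c themselves would need to be excluded by hand.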
