From: Demi Marie Obenour <demi@invisiblethingslab.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
linux-kernel@vger.kernel.org,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Hans de Goede <hdegoede@redhat.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Juergen Gross <jgross@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
Lee Jones <lee@kernel.org>, Andy Lutomirski <luto@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Petr Mladek <pmladek@suse.com>,
Steven Rostedt <rostedt@goodmis.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>
Subject: Re: [PATCH v3 0/4] Make sscanf() stricter
Date: Mon, 12 Jun 2023 17:23:18 -0400 [thread overview]
Message-ID: <ZIeMyQXU49OcoxY2@itl-email> (raw)
In-Reply-To: <ZIeHfBf3aB3vUgRM@smile.fi.intel.com>
[-- Attachment #1: Type: text/plain, Size: 1818 bytes --]
On Tue, Jun 13, 2023 at 12:00:44AM +0300, Andy Shevchenko wrote:
> On Mon, Jun 12, 2023 at 04:25:01PM -0400, Demi Marie Obenour wrote:
> > On Mon, Jun 12, 2023 at 02:59:38PM +0300, Alexey Dobriyan wrote:
> > > > + bool _placeholder;
> > > > + return simple_strntoull(cp, INT_MAX, endp, base, &_placeholder);
> > >
> > > This can be done without introducing dummy variables:
> > >
> > > void f(bool *b)
> > > {
> > > }
> > >
> > > f((bool[1]){});
> >
> > This is more consise, but (at least to me) significantly less readable.
> >
> > > > > lib/vsprintf.c:3727:26: error: unknown conversion type character ‘!’ in format [-Werror=format=]
> > > > So NAK.
> > >
> > > Yeah, ! should go after format specifier like it does for %p.
> >
> > I hadn't considered that. Is the typical approach in Linux to use e.g.
> > %d%[!] if one wants a literal '!'?
>
> It might be that the cleanest way we have is to create %p-like extensions to
> sscanf(). %p takes alnum as parameter and that is usually works since it makes
> a little sense to attach alnum suffix to the pointer.
>
> (I don't like to have %dX, where X is alnum as we expanding our hack to
> something which people don't expect to be altered even in the kernelm, you may
> refer to the discussion about %de for printing errors)
Personally I’m not too worried about compatibility with userspace
sscanf(), except to the extent that -Werror=format can keep working.
Userspace sscanf() is almost useless: it has undefined behavior on
integer overflow and swallows spaces that should usually be rejected.
I typically either use strto*l() or (as I am currently doing for Xen’s
toolstack) just write my own parsing functions from scratch.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2023-06-12 21:25 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-12 11:59 [PATCH v3 0/4] Make sscanf() stricter Alexey Dobriyan
2023-06-12 20:25 ` Demi Marie Obenour
2023-06-12 21:00 ` Andy Shevchenko
2023-06-12 21:23 ` Demi Marie Obenour [this message]
2023-06-12 22:16 ` Andy Shevchenko
2023-06-13 13:02 ` David Laight
2023-06-13 15:35 ` Demi Marie Obenour
2023-06-14 8:23 ` David Laight
2023-06-14 20:08 ` Demi Marie Obenour
2023-06-15 8:06 ` David Laight
2023-06-15 11:23 ` Andy Shevchenko
2023-06-15 11:38 ` David Laight
2023-06-20 13:34 ` Petr Mladek
2023-06-20 13:52 ` Andy Shevchenko
2023-06-20 13:54 ` Andy Shevchenko
2023-06-20 14:57 ` Petr Mladek
2023-06-20 15:05 ` Andy Shevchenko
2023-06-21 0:56 ` Demi Marie Obenour
-- strict thread matches above, loose matches on Subject: below --
2023-06-10 20:40 Demi Marie Obenour
2023-06-12 15:34 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZIeMyQXU49OcoxY2@itl-email \
--to=demi@invisiblethingslab.com \
--cc=adobriyan@gmail.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdegoede@redhat.com \
--cc=jgross@suse.com \
--cc=lee@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=luto@kernel.org \
--cc=mchehab@kernel.org \
--cc=oleksandr_tyshchenko@epam.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sakari.ailus@linux.intel.com \
--cc=senozhatsky@chromium.org \
--cc=sstabellini@kernel.org \
--cc=tglx@linutronix.de \
--cc=vincenzo.frascino@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.