From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Petr Mladek <pmladek@suse.com>
Cc: David Laight <David.Laight@aculab.com>,
'Demi Marie Obenour' <demi@invisiblethingslab.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Hans de Goede <hdegoede@redhat.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Sakari Ailus <sakari.ailus@linux.intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Juergen Gross <jgross@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
Lee Jones <lee@kernel.org>, Andy Lutomirski <luto@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>
Subject: Re: [PATCH v3 0/4] Make sscanf() stricter
Date: Tue, 20 Jun 2023 18:05:14 +0300 [thread overview]
Message-ID: <ZJHAKnO4+KT0km2H@smile.fi.intel.com> (raw)
In-Reply-To: <ZJG-c2Lsgrd0Y_yh@alley>
On Tue, Jun 20, 2023 at 04:57:55PM +0200, Petr Mladek wrote:
> On Tue 2023-06-20 16:52:42, Andy Shevchenko wrote:
> > On Tue, Jun 20, 2023 at 03:34:09PM +0200, Petr Mladek wrote:
> > > On Thu 2023-06-15 14:23:59, Andy Shevchenko wrote:
> > > > On Thu, Jun 15, 2023 at 08:06:46AM +0000, David Laight wrote:
...
> > > + %pj or another %p modifiers would be hard to understand either.
> > >
> > > Yes, we have %pe but I think that only few people really use it.
> > > And it is kind of self-explanatory because it is typically
> > > used together with ERR_PTR() and with variables called
> > > "err" or "ret".
> >
> > j, besides the luck of no (yet) use in the kernel's printf(), is
> > described for printf(3)
> >
> > j A following integer conversion corresponds to an intmax_t or uintmax_t
> > argument, or a following n conversion corresponds to a pointer to an
> > intmax_t argument.
>
> I see, I have missed this coincidence. And we would really need to use %pj.
> %jd requires intmax_t variable. Otherwise, the compiler produces:
>
> kernel/lib/test.c:10:17: error: format ‘%jd’ expects argument of type ‘intmax_t *’, but argument 3 has type ‘int *’ [-Werror=format=]
> sscanf(str, "%jd hello.", &tmp);
>
> Hmm, %pj might even make some sense for sscanf() which requires pointers anyway.
> But still, we would lose the compiler check of the size of the passed
> buffer.
>
> This is actually my concern with many other %p modifiers. The compiler
> is not able to check that we pass the right pointer. I know that this
> might happen even with wrong buffer passed to %s or so. But number
> types is another category.
Yeah, it was a discussion IIRC for the compiler plugin to support %p
extensions, but I have no idea where it's now.
> > So, I think among all proposals, this one is the best (while all of them may
> > sound not good).
>
> I still prefer the custom handler when it is not too complex.
>
> Or if there are many users, we could create sscanf_strict() or so.
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2023-06-20 15:07 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-12 11:59 [PATCH v3 0/4] Make sscanf() stricter Alexey Dobriyan
2023-06-12 20:25 ` Demi Marie Obenour
2023-06-12 21:00 ` Andy Shevchenko
2023-06-12 21:23 ` Demi Marie Obenour
2023-06-12 22:16 ` Andy Shevchenko
2023-06-13 13:02 ` David Laight
2023-06-13 15:35 ` Demi Marie Obenour
2023-06-14 8:23 ` David Laight
2023-06-14 20:08 ` Demi Marie Obenour
2023-06-15 8:06 ` David Laight
2023-06-15 11:23 ` Andy Shevchenko
2023-06-15 11:38 ` David Laight
2023-06-20 13:34 ` Petr Mladek
2023-06-20 13:52 ` Andy Shevchenko
2023-06-20 13:54 ` Andy Shevchenko
2023-06-20 14:57 ` Petr Mladek
2023-06-20 15:05 ` Andy Shevchenko [this message]
2023-06-21 0:56 ` Demi Marie Obenour
-- strict thread matches above, loose matches on Subject: below --
2023-06-10 20:40 Demi Marie Obenour
2023-06-12 15:34 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZJHAKnO4+KT0km2H@smile.fi.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=David.Laight@aculab.com \
--cc=adobriyan@gmail.com \
--cc=demi@invisiblethingslab.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdegoede@redhat.com \
--cc=jgross@suse.com \
--cc=lee@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=luto@kernel.org \
--cc=mchehab@kernel.org \
--cc=oleksandr_tyshchenko@epam.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sakari.ailus@linux.intel.com \
--cc=senozhatsky@chromium.org \
--cc=sstabellini@kernel.org \
--cc=tglx@linutronix.de \
--cc=vincenzo.frascino@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.