Re: [PATCH] input/vmmouse: Fix device name copies

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
To: David Laight <David.Laight@aculab.com>
Cc: 'Arnd Bergmann' <arnd@arndb.de>, Zack Rusin <zackr@vmware.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	VMware Graphics Reviewers <linux-graphics-maintainer@vmware.com>,
	Robert Jarzmik <robert.jarzmik@free.fr>,
	Raul Rangel <rrangel@chromium.org>,
	"linux-input@vger.kernel.org" <linux-input@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH] input/vmmouse: Fix device name copies
Date: Fri, 8 Dec 2023 23:45:02 +0000	[thread overview]
Message-ID: <ZXOp5y4F2aoRq2UT@google.com> (raw)
In-Reply-To: <f3e6cab719c646bf91265b6fd2887061@AcuMS.aculab.com>

On Sun, Dec 03, 2023 at 09:14:49PM +0000, David Laight wrote:
> From: Arnd Bergmann
> > Sent: 03 December 2023 20:51
> > On Sun, Dec 3, 2023, at 19:41, Dmitry Torokhov wrote:
> > > On Mon, Nov 27, 2023 at 03:42:06PM -0500, Zack Rusin wrote:
> > >> From: Zack Rusin <zackr@vmware.com>
> > >>
> > >> Make sure vmmouse_data::phys can hold serio::phys (which is 32 bytes)
> > >> plus an extra string, extend it to 64.
> > >>
> > >> Fixes gcc13 warnings:
> > >> drivers/input/mouse/vmmouse.c: In function ‘vmmouse_init’:
> > >> drivers/input/mouse/vmmouse.c:455:53: warning: ‘/input1’ directive output may be truncated writing
> > 7 bytes into a region of size between 1 and 32 [-Wformat-truncation=]
> > >>   455 |         snprintf(priv->phys, sizeof(priv->phys), "%s/input1",
> > >>       |                                                     ^~~~~~~
> > >> drivers/input/mouse/vmmouse.c:455:9: note: ‘snprintf’ output between 8 and 39 bytes into a
> > destination of size 32
> > >>   455 |         snprintf(priv->phys, sizeof(priv->phys), "%s/input1",
> > >>       |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >>   456 |                  psmouse->ps2dev.serio->phys);
> > >>       |                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >
> > > This simply wastes 32 bytes. It is perfectly fine to truncate phys
> > > (which does not happen in real life).
> > >
> > > -Wformat-truncation is disabled in normal builds, folks should stop
> > > using it with W=1 as well.
> > 
> > It does find real bugs, and we are fairly close to being able
> > to enable it by default once the remaining warnings are all
> > fixed.
> > 
> > It also doesn't waste any memory

... at this time ...

> > in this specific case since
> > vmmouse_data is currently at 168 bytes, which gets rounded
> > up to either 192 or 256 bytes anyway. I'd suggest using
> > the minimum size that is large enough though, in this case
> > 39 bytes for the string I guess.

This assumes we never change how our allocators work to provide better
memory packing.

> 
> That rather depends on whether any of the earlier char[] lengths
> have been rounded up to a 'nice' value.
> 
> I'd also have thought that dangerous overflows would come from
> unbounded %s formats, not fixed size strings or integers that are
> always small.
> 
> There really ought to be a sane method of telling gcc not to bleat
> about snprintf() potentially overflowing the target.

Yes, that would be my preference before we enable this warning globally.

Thanks.

-- 
Dmitry

next prev parent reply	other threads:[~2023-12-08 23:45 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-27 20:42 [PATCH] input/vmmouse: Fix device name copies Zack Rusin
2023-12-03 18:41 ` Dmitry Torokhov
2023-12-03 20:50   ` Arnd Bergmann
2023-12-03 21:14     ` David Laight
2023-12-08 23:45       ` Dmitry Torokhov [this message]
2024-01-04  5:06 ` [PATCH v2] " Zack Rusin
2024-01-04  5:07   ` Zack Rusin
2024-01-04 16:03   ` kernel test robot
2024-01-04 21:29     ` Zack Rusin
2024-01-04 19:23   ` kernel test robot
2024-01-04 22:01   ` kernel test robot
2024-01-04 22:57   ` David Laight

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZXOp5y4F2aoRq2UT@google.com \
    --to=dmitry.torokhov@gmail.com \
    --cc=David.Laight@aculab.com \
    --cc=arnd@arndb.de \
    --cc=linux-graphics-maintainer@vmware.com \
    --cc=linux-input@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=robert.jarzmik@free.fr \
    --cc=rrangel@chromium.org \
    --cc=stable@vger.kernel.org \
    --cc=zackr@vmware.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.