From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dan Carpenter Date: Mon, 11 Oct 2010 19:45:02 +0000 Subject: Re: [patch] ASoC: soc: snprintf() doesn't return negative Message-Id: <20101011194502.GK5851@bicker> List-Id: References: <20101011035416.GD5851@bicker> <20101011104009.GB9231@rakim.wolfsonmicro.main> <20101011164038.GE5851@bicker> <20101011185148.GB22355@opensource.wolfsonmicro.com> In-Reply-To: <20101011185148.GB22355@opensource.wolfsonmicro.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Mark Brown Cc: alsa-devel@alsa-project.org, Jassi Brar , Takashi Iwai , kernel-janitors@vger.kernel.org, Peter Ujfalusi , linux-kernel@vger.kernel.org, Liam Girdwood On Mon, Oct 11, 2010 at 07:51:48PM +0100, Mark Brown wrote: > In actual fact quite a few devices have enough registers to be > truncated, meaning that it's not only possible but likely we'll exercise > the cases that deal with the end of buffer. If snprintf() is returning > values larger than buffer size it was given we're likely to have an > issue but it seems that there's something missing in your analysis since > we're never seeing WARN_ON()s and are instead seeing the behaviour the > code is intended to give, which is to truncate the output when we run > out of space. > > Could you re-check your analysis, please? That's odd. I'm sorry, I can't explain why you wouldn't see a stack trace... The code is straight forward: /* Reject out-of-range values early. Large positive sizes are used for unknown buffer sizes. */ if (WARN_ON_ONCE((int) size < 0)) return 0; It would still give you truncated output but after the NULL terminator there would be information leaked from the kernel. If the reader program had allocated a large enough buffer to handle the extra information it wouldn't cause a problem. regards, dan carpenter