From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 618C5C41535 for ; Fri, 15 Dec 2023 12:57:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:From:To: Subject:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=a7PhZbI6iRZgX8LFovqmYEVRM7V/u/jwBAdUtFuKRm0=; b=hThOydcQtAXvr6 SH8OOEicnd13X1NMzrR5J3rqixbpD2YoRZit86iYMQJukfnptrkUsTgaZTfAlpXDnE/wzmLavNLXc QVfShdO4qHknA+b+/jgdWZXZjriDVa7Vc++VyFZZq9aagu3Ut40Sa9AisfAnsamVzrMtHcN50oq+D Bem2FD82kfy8CSSt8POHY2wQ95ozkIUg3uyk1QwIVjgURAdCWUUhMFFRNVkvU10Da15Br/hM1LaDH I2sljcOjpGDsWgQLIet8qsd8Bw0DkQlb4JEW3QsqLQfrGggwqwizSRrYjkdsKFWBVw8ajhsJ/t3Os FUKxtA5x1ltRp6HRHJWQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1rE7kw-003J44-2p; Fri, 15 Dec 2023 12:57:30 +0000 Received: from ams.source.kernel.org ([145.40.68.75]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1rE7kp-003Izg-1Z for linux-arm-kernel@lists.infradead.org; Fri, 15 Dec 2023 12:57:25 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 2045BB82641; Fri, 15 Dec 2023 12:57:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 258CCC433C8; Fri, 15 Dec 2023 12:57:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1702645037; bh=y8Y0IMQr4tygajMprq+oexTUCRJDrkyZLYUIZJuYBVs=; h=Subject:To:From:Date:From; b=2NridpX8YRX8t98EeJukc7tuajIyrJfiWaQXASHUb+iW01Oe6LLqsMIptiBqZzQgY GeNxx+zGqOC/emxivILoXwCsyJAKqa/enqAuoZ2SwaMfxpak8FhrA5i2vWqcg3EmYz 3n1xDVjNmHfKn11lBwPeKH6JntVZTw4iPe8MK2+A= Subject: patch "usb: gadget: udc: atmel: Replace snprintf() with the safer" added to usb-testing To: lee@kernel.org,alexandre.belloni@bootlin.com,claudiu.beznea@tuxon.dev,cristian.birsan@microchip.com,gregkh@linuxfoundation.org,linux-arm-kernel@lists.infradead.org,nicolas.ferre@microchip.com From: Date: Fri, 15 Dec 2023 13:56:38 +0100 Message-ID: <2023121538-polka-speller-f225@gregkh> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231215_045723_668292_0B97B2A0 X-CRM114-Status: GOOD ( 16.23 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This is a note to let you know that I've just added the patch titled usb: gadget: udc: atmel: Replace snprintf() with the safer to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From d32dcb0659bcb3b68878a985280024ec92d0db5b Mon Sep 17 00:00:00 2001 From: Lee Jones Date: Wed, 13 Dec 2023 16:42:34 +0000 Subject: usb: gadget: udc: atmel: Replace snprintf() with the safer scnprintf() variant There is a general misunderstanding amongst engineers that {v}snprintf() returns the length of the data *actually* encoded into the destination array. However, as per the C99 standard {v}snprintf() really returns the length of the data that *would have been* written if there were enough space for it. This misunderstanding has led to buffer-overruns in the past. It's generally considered safer to use the {v}scnprintf() variants in their place (or even sprintf() in simple cases). So let's do that. Link: https://lwn.net/Articles/69419/ Link: https://github.com/KSPP/linux/issues/105 Cc: Cristian Birsan Cc: Nicolas Ferre Cc: Alexandre Belloni Cc: Claudiu Beznea Cc: Signed-off-by: Lee Jones Link: https://lore.kernel.org/r/20231213164246.1021885-6-lee@kernel.org Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/udc/atmel_usba_udc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c index 02b1bef5e22e..b76885d78e8a 100644 --- a/drivers/usb/gadget/udc/atmel_usba_udc.c +++ b/drivers/usb/gadget/udc/atmel_usba_udc.c @@ -94,7 +94,7 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, inode_lock(file_inode(file)); list_for_each_entry_safe(req, tmp_req, queue, queue) { - len = snprintf(tmpbuf, sizeof(tmpbuf), + len = scnprintf(tmpbuf, sizeof(tmpbuf), "%8p %08x %c%c%c %5d %c%c%c\n", req->req.buf, req->req.length, req->req.no_interrupt ? 'i' : 'I', @@ -104,7 +104,6 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, req->submitted ? 'F' : 'f', req->using_dma ? 'D' : 'd', req->last_transaction ? 'L' : 'l'); - len = min(len, sizeof(tmpbuf)); if (len > nbytes) break; -- 2.43.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel