* re: bcache: A block layer cache
@ 2013-04-01 19:37 Dan Carpenter
[not found] ` <20130401193740.GA32549-dZEljifmRObu9KfB+GxooP8+0UxHXcjY@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2013-04-01 19:37 UTC (permalink / raw)
To: koverstreet-hpIqsD4AKlfQT0dZR+AlfA; +Cc: linux-bcache-u79uwXL29TY76Z2rM5mHXA
Hello Kent Overstreet,
The patch cafe56359144: "bcache: A block layer cache" from Mar 23,
2013, leads to the following warning:
"drivers/md/bcache/util.c:92 hprint()
error: format string overflow. buf_size: 3 length: 4"
drivers/md/bcache/util.c
77 ssize_t hprint(char *buf, int64_t v)
78 {
79 static const char units[] = "?kMGTPEZY";
80 char dec[3] = "";
81 int u, t = 0;
82
83 for (u = 0; v >= 1024 || v <= -1024; u++) {
84 t = v & ~(~0 << 10);
85 v >>= 10;
86 }
87
88 if (!u)
89 return sprintf(buf, "%llu", v);
90
91 if (v < 100 && v > -100)
92 sprintf(dec, ".%i", t / 100);
For example, hprint(buf, 2024) will cause a one char buffer overflow.
93
94 return sprintf(buf, "%lli%s%c", v, dec, units[u]);
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: bcache: A block layer cache
[not found] ` <20130401193740.GA32549-dZEljifmRObu9KfB+GxooP8+0UxHXcjY@public.gmane.org>
@ 2013-04-01 19:58 ` Dan Carpenter
2013-04-05 21:14 ` Kent Overstreet
1 sibling, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2013-04-01 19:58 UTC (permalink / raw)
To: koverstreet-hpIqsD4AKlfQT0dZR+AlfA; +Cc: linux-bcache-u79uwXL29TY76Z2rM5mHXA
Slightly unrelated, it's weird that bcache has KEY_START() and
START_KEY(). Maybe FIRST_KEY() would be a better name for
START_KEY()?
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: bcache: A block layer cache
[not found] ` <20130401193740.GA32549-dZEljifmRObu9KfB+GxooP8+0UxHXcjY@public.gmane.org>
2013-04-01 19:58 ` Dan Carpenter
@ 2013-04-05 21:14 ` Kent Overstreet
1 sibling, 0 replies; 3+ messages in thread
From: Kent Overstreet @ 2013-04-05 21:14 UTC (permalink / raw)
To: Dan Carpenter; +Cc: linux-bcache-u79uwXL29TY76Z2rM5mHXA
On Mon, Apr 01, 2013 at 10:37:41PM +0300, Dan Carpenter wrote:
> Hello Kent Overstreet,
>
> The patch cafe56359144: "bcache: A block layer cache" from Mar 23,
> 2013, leads to the following warning:
> "drivers/md/bcache/util.c:92 hprint()
> error: format string overflow. buf_size: 3 length: 4"
Thanks - fixed
commit c20bbfc0e049ca785bb19419121091e4fd419886
Author: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
Date: Fri Apr 5 14:12:28 2013 -0700
bcache: Fix a format string overflow
Reported-by: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Signed-off-by: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c
index a9619d8..da3a99e 100644
--- a/drivers/md/bcache/util.c
+++ b/drivers/md/bcache/util.c
@@ -76,7 +76,7 @@ STRTO_H(strtoull, unsigned long long)
ssize_t bch_hprint(char *buf, int64_t v)
{
static const char units[] = "?kMGTPEZY";
- char dec[3] = "";
+ char dec[4] = "";
int u, t = 0;
for (u = 0; v >= 1024 || v <= -1024; u++) {
@@ -88,7 +88,7 @@ ssize_t bch_hprint(char *buf, int64_t v)
return sprintf(buf, "%llu", v);
if (v < 100 && v > -100)
- sprintf(dec, ".%i", t / 100);
+ snprintf(dec, sizeof(dec), ".%i", t / 100);
return sprintf(buf, "%lli%s%c", v, dec, units[u]);
}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-04-05 21:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-04-01 19:37 bcache: A block layer cache Dan Carpenter
[not found] ` <20130401193740.GA32549-dZEljifmRObu9KfB+GxooP8+0UxHXcjY@public.gmane.org>
2013-04-01 19:58 ` Dan Carpenter
2013-04-05 21:14 ` Kent Overstreet
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox