* re: bcache: A block layer cache
@ 2013-04-01 19:37 Dan Carpenter
[not found] ` <20130401193740.GA32549-dZEljifmRObu9KfB+GxooP8+0UxHXcjY@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2013-04-01 19:37 UTC (permalink / raw)
To: koverstreet-hpIqsD4AKlfQT0dZR+AlfA; +Cc: linux-bcache-u79uwXL29TY76Z2rM5mHXA
Hello Kent Overstreet,
The patch cafe56359144: "bcache: A block layer cache" from Mar 23,
2013, leads to the following warning:
"drivers/md/bcache/util.c:92 hprint()
error: format string overflow. buf_size: 3 length: 4"
drivers/md/bcache/util.c
    77  ssize_t hprint(char *buf, int64_t v)
    78  {
    79          static const char units[] = "?kMGTPEZY";
    80          char dec[3] = "";
    81          int u, t = 0;
    82
    83          for (u = 0; v >= 1024 || v <= -1024; u++) {
    84                  t = v & ~(~0 << 10);
    85                  v >>= 10;
    86          }
    87
    88          if (!u)
    89                  return sprintf(buf, "%llu", v);
    90
    91          if (v < 100 && v > -100)
    92                  sprintf(dec, ".%i", t / 100);

For example, hprint(buf, 2024) will cause a one char buffer overflow.

    93
    94          return sprintf(buf, "%lli%s%c", v, dec, units[u]);

regards,
dan carpenter
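The byte count behind the warning above, as an added example that is not part of the original thread: it measures what the line-92 `sprintf(dec, ".%i", t / 100)` stores for every remainder the scaling loop can leave in `t`. The helper names and `DEC_OLD` are assumptions introduced here, and the `v < 100` guard around that call is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define DEC_OLD 3	/* char dec[3] in the reported code */

/* Bytes, NUL included, that sprintf(dec, ".%i", t / 100) stores for t. */
static int dec_bytes_needed(int t)
{
	return snprintf(NULL, 0, ".%i", t / 100) + 1;
}

/* Remainder left in t by the scaling loop at util.c:83-86. */
static int remainder_for(int64_t v)
{
	int t = 0;

	while (v >= 1024 || v <= -1024) {
		t = (int)(v & 1023);	/* same mask as ~(~0 << 10) */
		v >>= 10;
	}
	return t;
}

/* Worst case over every remainder; *overflowing counts t that exceed DEC_OLD. */
static int max_dec_bytes(int *overflowing)
{
	int t, need, max = 0;

	*overflowing = 0;
	for (t = 0; t < 1024; t++) {
		need = dec_bytes_needed(t);
		if (need > DEC_OLD)
			(*overflowing)++;
		if (need > max)
			max = need;
	}
	return max;
}

int main(void)
{
	int bad, max = max_dec_bytes(&bad);

	printf("worst case %d bytes, %d of 1024 remainders overflow dec[%d]\n",
	       max, bad, DEC_OLD);
	printf("hprint(buf, 2024): t = %d, needs %d bytes\n",
	       remainder_for(2024), dec_bytes_needed(remainder_for(2024)));
	return 0;
}
```

Only remainders of 1000 to 1023 produce the two-digit ".10", which is why the overflow is a single byte.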
* Re: bcache: A block layer cache
[not found] ` <20130401193740.GA32549-dZEljifmRObu9KfB+GxooP8+0UxHXcjY@public.gmane.org>
@ 2013-04-01 19:58 ` Dan Carpenter
2013-04-05 21:14 ` Kent Overstreet
1 sibling, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2013-04-01 19:58 UTC (permalink / raw)
To: koverstreet-hpIqsD4AKlfQT0dZR+AlfA; +Cc: linux-bcache-u79uwXL29TY76Z2rM5mHXA
Slightly unrelated, it's weird that bcache has KEY_START() and START_KEY(). Maybe FIRST_KEY() would be a better name for START_KEY()?

regards,
dan carpenter
* Re: bcache: A block layer cache [not found] ` <20130401193740.GA32549-dZEljifmRObu9KfB+GxooP8+0UxHXcjY@public.gmane.org> 2013-04-01 19:58 ` Dan Carpenter @ 2013-04-05 21:14 ` Kent Overstreet 1 sibling, 0 replies; 3+ messages in thread From: Kent Overstreet @ 2013-04-05 21:14 UTC (permalink / raw) To: Dan Carpenter; +Cc: linux-bcache-u79uwXL29TY76Z2rM5mHXA On Mon, Apr 01, 2013 at 10:37:41PM +0300, Dan Carpenter wrote: > Hello Kent Overstreet, > > The patch cafe56359144: "bcache: A block layer cache" from Mar 23, > 2013, leads to the following warning: > "drivers/md/bcache/util.c:92 hprint() > error: format string overflow. buf_size: 3 length: 4" Thanks - fixed commit c20bbfc0e049ca785bb19419121091e4fd419886 Author: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> Date: Fri Apr 5 14:12:28 2013 -0700 bcache: Fix a format string overflow Reported-by: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org> Signed-off-by: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c index a9619d8..da3a99e 100644 --- a/drivers/md/bcache/util.c +++ b/drivers/md/bcache/util.c @@ -76,7 +76,7 @@ STRTO_H(strtoull, unsigned long long) ssize_t bch_hprint(char *buf, int64_t v) { static const char units[] = "?kMGTPEZY"; - char dec[3] = ""; + char dec[4] = ""; int u, t = 0; for (u = 0; v >= 1024 || v <= -1024; u++) { @@ -88,7 +88,7 @@ ssize_t bch_hprint(char *buf, int64_t v) return sprintf(buf, "%llu", v); if (v < 100 && v > -100) - sprintf(dec, ".%i", t / 100); + snprintf(dec, sizeof(dec), ".%i", t / 100); return sprintf(buf, "%lli%s%c", v, dec, units[u]); } ^ permalink raw reply related [flat|nested] 3+ messages in thread
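Review bot: in the first hunk (@@ -76,7 +76,7 @@), `char dec[4]` is exactly the worst case and nothing in the code records why. The loop quoted in the report masks t to 0..1023, so `t / 100` can reach 10 and ".10" plus the terminating NUL is 4 bytes. A short comment on the declaration stating that bound would stop the size from being trimmed back later. The same bound means a remainder of 1000..1023 prints ".10" instead of a single tenths digit, so it is worth confirming that output is intended.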
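Review bot: in the second hunk (@@ -88,7 +88,7 @@), the unchanged context line `return sprintf(buf, "%llu", v);` formats the signed int64_t v with an unsigned conversion, so on the `!u` path a value between -1023 and -1 prints as a very large positive number. Using `%lli` there, as the final sprintf already does, would match the type. The new snprintf() bounds the write to dec, but it also truncates silently if the buffer is ever too small again, so a check of its return value against sizeof(dec) would make a future regression visible.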