From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6AE08C83F10 for ; Thu, 10 Jul 2025 02:48:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E171D6B00A1; Wed, 9 Jul 2025 22:48:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DEEF36B00A2; Wed, 9 Jul 2025 22:48:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D2C186B00A3; Wed, 9 Jul 2025 22:48:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id C16686B00A1 for ; Wed, 9 Jul 2025 22:48:26 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 3C58980410 for ; Thu, 10 Jul 2025 02:48:26 +0000 (UTC) X-FDA: 83646821412.20.FBC9CDE Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf05.hostedemail.com (Postfix) with ESMTP id 98AC2100007 for ; Thu, 10 Jul 2025 02:48:24 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="TU/xLkQv"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of alx@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=alx@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1752115704; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=0sUPaBsrRtVECUWOJKm+GE3R6Wlp2E4kocwkF3cjpXM=; b=Q8GUbPVhfto8dAmRTRmHFW1ayqEAifFaIzNsDkXJeD/H9nfVCXEQGAvNvo9zrH0yJFPrdu sjhLDU+tsmx++I06DfsYbNJVbLrNst2p+8mLLVooa9BjrLCkmGG2EyM3wOAQlt9x6Wv3AP 4RW6hh6MEU0xAAVJQ79vOVG8aFqUjuU= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="TU/xLkQv"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of alx@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=alx@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1752115704; a=rsa-sha256; cv=none; b=DX7BY9UrPf/y4WFl7DGGg7CJ7L2Nzgfo9hRFqh4I5b/Np5z4Ah7UPNl/LK56+epOgz9hsL suYXd/Jo0hxDA9TIJjzupUbz7wAZShkqnbAvHUXK69xuybE5qUMOZCS78bpp9r2KnSLTiO jWFc4fACS5LqW9ZJa3UGLZMiUMsYuMk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id B7D21A50119; Thu, 10 Jul 2025 02:48:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4C2CBC4CEF0; Thu, 10 Jul 2025 02:48:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1752115703; bh=uP1Rd77wxX/Fb6ettFx80wxbqPad+vTShdCzOI/MZqw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=TU/xLkQvOm1nCV8vzE8nPX9PhH8RaLxUabLxCZkndzS2pe7Vb6aZTc1PDHKghXZqX sSskGWf3iDbZMOTJsUXeZi0kGyGP+P46LmKWrGPKbMVh2pnHVPFM/Nay7EZVPg28gH YxRAQ9CL2X2WmqoI0iOgwl5t+Z/LYa7dAexLdTAGwp7hyxnq6ywPt9V9iQ6mobzEYI nv7udlInO0wYjWlvR3u72uHFLx2ohsaPNrI+T5WwB7v4g+u85EmWWriA7lZjPogC4A Zwe2Bh5udiJE8U5S12fUBgEBuBCQ5FUcxGGemgRXmaU3Fqrp9SqZntUiBJ46AWGpGT S5khO3w7DtKfw== Date: Thu, 10 Jul 2025 04:48:11 +0200 From: Alejandro Colomar To: linux-mm@kvack.org, linux-hardening@vger.kernel.org Cc: Alejandro Colomar , Kees Cook , Christopher Bazley , shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton , kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Marco Elver , Christoph Lameter , David Rientjes , Vlastimil Babka , Roman Gushchin , Harry Yoo , Andrew Clayton , Rasmus Villemoes , Michal Hocko , Linus Torvalds , Al Viro , Martin Uecker , Sam James , Andrew Pinski Subject: [RFC v4 1/7] vsprintf: Add [v]sprintf_end() Message-ID: <2c4f793de0b849259088c1f52db44ace5a4e6f66.1752113247.git.alx@kernel.org> X-Mailer: git-send-email 2.50.0 References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 98AC2100007 X-Stat-Signature: bott4bhepgzfj7x9aafsyioy5ryyi59x X-Rspam-User: X-HE-Tag: 1752115704-594881 X-HE-Meta: U2FsdGVkX18KjyiE3MbECvpp6w9M1/tywqfF2NG1TB4Fu1J/igBkvjKnfV9vuzmWfiVjRuW0/9j/s9SPOA0WhPv2gBcnwpCJ0OaaL6rs8WVPL9AYCdPYprZjrNN/PcXPvvd9OCCuc4fC1CesmPK42AgeiZxscuPyY/rjjw/ZkfrNzptlRKoyDru87lBDIgvD9aWcRFZU+XCtvoU4RO0lvytLIFZGExbN/xrtuvOrpZycMX4gBj2EDyyvw4M13JhKpiKa217fnfuBhk0Y1+08clCDutha7lAcszPTiCv1nnqFDoaaByNBN+VW1kVj2ZeNC5JGJIbnspKuy//ri7dOSCUhfC4JqqZxrm4TSO7xWnifNteWFzny3aJiApV1ONF9qnaxML2sWDvaQTqrElSjIuuDZ7a6rHG3lwtmF/CBhytibWFfwGd7uVjfYOaL++nx5ll7AkUB90840ck210+I7ugB4rKC3IH016XZ+ypjJCWWDn5okMFkrcc+yE0LZSZGlyKB6ukZNPQUTBwQFy+MRZlIQjqm7/NK+fZihO2DFXQ3v6Q/7ENY+0ZYtjRjdsSfWgTLG4L4aRCgjf1dSADPEoqKkIvA9MWR9qQUIv6utvASwDWHsBDcxiUoP7capOnqxX8vG/iS3DynS409jXcQ4jyLXu+31L+d6PUTFjEQLEM8nL0fS1+HiQ+TilcZ63Gj2Q51D6SU43bEahakqIw/HUiaG8oMrhcqP6pUcVODRJ3PVFlAvIOujHCsKoq00ANta+Pyw+RcHbaZsdtZ9tP2QSWYmKertSxYcH+xF07S7blBD9oPw3QURs76TEl5lgeZ+U2rZ2iE9Ok7meiqVSCM31X1Ul4m4q81VQAxq+ofarDcMGGC6ORQjiXp2M7uuigX//f/Um0h4qDMHzthiYns9mJ3lX7i1Xxsh0r0bPLeWy5+KoEioiWtwbI1UpPZuvEF3IJf69cypnAXPkRP6zi T5A3GN4L da7cQYJofGt9KJXzBonSyqdkFl2nlFzRW6nqntHv+SNrF7sTXrZM9p2vYkcNna6/ee1rB7/szgL4gLpwE5O4K7XgsqmeaX3tbJq2EzChWpj4pxSxuwYFD/EOGMLkVfomv6S46H5FhrD7V4WurZSLhiQ/EXC2trL5px5xun82k9/0uYcORx/lq7EdUp/ctz8wG1g5Zbocx8rpNJjr0ZVYSsWXH2FRunh0CV+IYAkWU9xbPSGh8mutkeU3QCR558TZWdMfEvOjcFi96VsLo3D4ljpLXe1XgsZA70xK+TVA3s0HnYMHva0/amgDGd1vqTizL4Q+2hgb3FcV/7kChbP5e1M9pt62U2CMp3SjyfnPbmfxgkqxLMmvghYtEE0wVovFUM/SiZNjb/RKWWa6R8uKVL1o5r2k5GYJUoiHOfj/lqTN1HU35C42AlWcyGUYQvNqnIPW/vDAi6b+astx2b+BXrJ+KaF3aY2lvCOM/LVz6OgS+7ueheA7D1WNC+T54CU7mGSSOjon6lgDzvOgRjQ6SbJa1fKd2r74s35HJh0OQG3eCp9KmaccHfNsn7ze2VaVsDuEAra4QnI2WI3fztmTgsF11qhiU6/aex188SQISEphpCGh1abqJLgBKUE1v4E4QPX9R8KW/zCbtbpw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: sprintf_end() is a function similar to stpcpy(3) in the sense that it returns a pointer that is suitable for chaining to other copy operations. It takes a pointer to the end of the buffer as a sentinel for when to truncate, which unlike a size, doesn't need to be updated after every call. This makes it much more ergonomic, avoiding manually calculating the size after each copy, which is error prone. It also makes error handling much easier, by reporting truncation with a null pointer, which is accepted and transparently passed down by subsequent sprintf_end() calls. This results in only needing to report errors once after a chain of sprintf_end() calls, unlike snprintf(3), which requires checking after every call. p = buf; e = buf + countof(buf); p = sprintf_end(p, e, foo); p = sprintf_end(p, e, bar); if (p == NULL) goto trunc; vs len = 0; size = countof(buf); len += snprintf(buf + len, size - len, foo); if (len >= size) goto trunc; len += snprintf(buf + len, size - len, bar); if (len >= size) goto trunc; And also better than scnprintf() calls: len = 0; size = countof(buf); len += scnprintf(buf + len, size - len, foo); len += scnprintf(buf + len, size - len, bar); // No ability to check. It seems aparent that it's a more elegant approach to string catenation. These functions will soon be proposed for standardization as [v]seprintf() into C2y, and they exist in Plan9 as seprint(2) --but the Plan9 implementation has important bugs--. Link: Cc: Kees Cook Cc: Christopher Bazley Cc: Rasmus Villemoes Cc: Marco Elver Cc: Michal Hocko Cc: Linus Torvalds Cc: Al Viro Signed-off-by: Alejandro Colomar --- include/linux/sprintf.h | 2 ++ lib/vsprintf.c | 59 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/include/linux/sprintf.h b/include/linux/sprintf.h index 51cab2def9ec..a0dc35574521 100644 --- a/include/linux/sprintf.h +++ b/include/linux/sprintf.h @@ -13,6 +13,8 @@ __printf(3, 4) int snprintf(char *buf, size_t size, const char *fmt, ...); __printf(3, 0) int vsnprintf(char *buf, size_t size, const char *fmt, va_list args); __printf(3, 4) int scnprintf(char *buf, size_t size, const char *fmt, ...); __printf(3, 0) int vscnprintf(char *buf, size_t size, const char *fmt, va_list args); +__printf(3, 4) char *sprintf_end(char *p, const char end[0], const char *fmt, ...); +__printf(3, 0) char *vsprintf_end(char *p, const char end[0], const char *fmt, va_list args); __printf(2, 3) __malloc char *kasprintf(gfp_t gfp, const char *fmt, ...); __printf(2, 0) __malloc char *kvasprintf(gfp_t gfp, const char *fmt, va_list args); __printf(2, 0) const char *kvasprintf_const(gfp_t gfp, const char *fmt, va_list args); diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 01699852f30c..d32df53a713a 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2923,6 +2923,40 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) } EXPORT_SYMBOL(vscnprintf); +/** + * vsprintf_end - va_list string end-delimited print formatted + * @p: The buffer to place the result into + * @end: A pointer to one past the last character in the buffer + * @fmt: The format string to use + * @args: Arguments for the format string + * + * The return value is a pointer to the trailing '\0'. + * If @p is NULL, the function returns NULL. + * If the string is truncated, the function returns NULL. + * If @end <= @p, the function returns NULL. + * + * See the vsnprintf() documentation for format string extensions over C99. + */ +char *vsprintf_end(char *p, const char end[0], const char *fmt, va_list args) +{ + int len; + size_t size; + + if (unlikely(p == NULL)) + return NULL; + + size = end - p; + if (WARN_ON_ONCE(size == 0 || size > INT_MAX)) + return NULL; + + len = vsnprintf(p, size, fmt, args); + if (unlikely(len >= size)) + return NULL; + + return p + len; +} +EXPORT_SYMBOL(vsprintf_end); + /** * snprintf - Format a string and place it in a buffer * @buf: The buffer to place the result into @@ -2974,6 +3008,31 @@ int scnprintf(char *buf, size_t size, const char *fmt, ...) } EXPORT_SYMBOL(scnprintf); +/** + * sprintf_end - string end-delimited print formatted + * @p: The buffer to place the result into + * @end: A pointer to one past the last character in the buffer + * @fmt: The format string to use + * @...: Arguments for the format string + * + * The return value is a pointer to the trailing '\0'. + * If @buf is NULL, the function returns NULL. + * If the string is truncated, the function returns NULL. + * If @end <= @p, the function returns NULL. + */ + +char *sprintf_end(char *p, const char end[0], const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + p = vsprintf_end(p, end, fmt, args); + va_end(args); + + return p; +} +EXPORT_SYMBOL(sprintf_end); + /** * vsprintf - Format a string and place it in a buffer * @buf: The buffer to place the result into -- 2.50.0