From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Josh Law <objecting@objecting.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH v6 16/17] lib/bootconfig: fix sign-compare in xbc_node_compose_key_after()
Date: Wed, 18 Mar 2026 08:15:40 +0900
Message-ID: <20260318081540.44c164f2c67d80acf14eaf2e@kernel.org>
In-Reply-To: <20260317121507.30735331@gandalf.local.home>
On Tue, 17 Mar 2026 12:15:07 -0400
Steven Rostedt <rostedt@goodmis.org> wrote:
> On Tue, 17 Mar 2026 16:55:49 +0900
> Masami Hiramatsu (Google) <mhiramat@kernel.org> wrote:
>
> > > --- a/lib/bootconfig.c
> > > +++ b/lib/bootconfig.c
> > > @@ -319,10 +319,10 @@ int __init xbc_node_compose_key_after(struct xbc_node *root,
> > > depth ? "." : "");
> > > if (ret < 0)
> > > return ret;
> > > - if (ret >= size) {
> > > + if (ret >= (int)size) {
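Review bot: on the changed comparison `if (ret >= (int)size) {`, the cast narrows `size` instead of widening `ret`; a size above INT_MAX converts to a negative int on the usual compilers, and the test then fires for every non-negative ret. Since `if (ret < 0) return ret;` sits directly above, ret is known to be non-negative at this point, so `if ((size_t)ret >= size) {` silences the sign-compare warning without narrowing anything.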
> >
> > nit:
> >
> > if ((size_t)ret >= size) {
> >
> > because sizeof(size_t) > sizeof(int).
>
> I don't think we need to worry about this. But this does bring up an issue.
> ret comes from:
>
> 	ret = snprintf(buf, size, "%s%s", xbc_node_get_data(node),
> 		       depth ? "." : "");
>
> Where size is of type size_t
>
> snprintf() takes size_t but returns int.
>
> snprintf() calls vsnprintf() which has:
>
> size_t len, pos;
>
> Where pos is incremented based on fmt, and vsnprintf() returns:
>
> return pos;
>
> Which can overflow.

I think that is a vsnprintf() (maybe POSIX) design issue.
I believe we're simply using size_t to represent the size of memory
out of convention.

>
> Now, honestly, we should never have a 2Gig string as that would likely
> cause other horrible things. Does size really need to be size_t?

Even if so, it should be done in vsnprintf() instead of this.
This function just believes that the caller gives the correct size
and enough memory. Or, we need to check "INT_MAX > size"
everywhere.

>
> Perhaps we should have:
>
> 	if (WARN_ON_ONCE(size > MAX_INT))
> 		return -EINVAL;

I think this is an over-engineering effort, especially on the
caller side. This overflow should be checked in vsnprintf() and
it should return -EINVAL (and the caller checks the return value).

Thank you,

>
> ?
>
> -- Steve
>
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
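
The two casts discussed in this thread, shown side by side as an added example (not part of the original message or of lib/bootconfig.c): a user-space model with a hypothetical compose_key() helper and a constructed size just above INT_MAX. It assumes the GCC/Clang result for the out-of-range (int) conversion, which the C standard leaves implementation-defined.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Form in the patch: size is narrowed to int (wraps negative above INT_MAX
 * on GCC/Clang; assumption, the conversion is implementation-defined). */
static bool truncated_int_cast(int ret, size_t size)
{
	return ret >= (int)size;
}

/* Form in the review nit: ret is widened; valid only once ret >= 0. */
static bool truncated_size_cast(int ret, size_t size)
{
	return (size_t)ret >= size;
}

/* Hypothetical helper: join words with '.', return the length the whole
 * key needs (snprintf-style), or -1 on a formatting error. */
static int compose_key(char *buf, size_t size, const char *const *words, int n)
{
	int total = 0;
	for (int i = 0; i < n; i++) {
		int ret = snprintf(buf, size, "%s%s", words[i],
				   i + 1 < n ? "." : "");
		if (ret < 0)
			return -1;
		if (truncated_size_cast(ret, size)) {
			size = 0;		/* keep counting, stop writing */
		} else {
			size -= (size_t)ret;
			buf += ret;
		}
		total += ret;
	}
	return total;
}

int main(void)
{
	const char *const words[] = { "kernel", "ftrace", "event" };
	char buf[32];
	size_t huge = (size_t)INT_MAX + 1;	/* constructed size */
	printf("%d %s\n", compose_key(buf, sizeof(buf), words, 3), buf);
	printf("int cast: %d, size_t cast: %d\n",
	       truncated_int_cast(5, huge), truncated_size_cast(5, huge));
	return 0;
}
```
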