From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Takashi Iwai <tiwai@suse.de>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH] xfs: Use scnprintf() for avoiding potential buffer overflow
Date: Wed, 11 Mar 2020 11:21:36 -0700 [thread overview]
Message-ID: <20200311182136.GH8045@magnolia> (raw)
In-Reply-To: <20200311093552.25354-1-tiwai@suse.de>
On Wed, Mar 11, 2020 at 10:35:52AM +0100, Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit. Fix it by replacing with scnprintf().
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
The 'c' in 'scnprintf' means that it returns the number of bytes written
into the buffer (not including the \0) instead of the number of bytes
that /would/ have been written provided there was enough space, right?
If so,
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
--D
> ---
> fs/xfs/xfs_stats.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/fs/xfs/xfs_stats.c b/fs/xfs/xfs_stats.c
> index 113883c4f202..f70f1255220b 100644
> --- a/fs/xfs/xfs_stats.c
> +++ b/fs/xfs/xfs_stats.c
> @@ -57,13 +57,13 @@ int xfs_stats_format(struct xfsstats __percpu *stats, char *buf)
> /* Loop over all stats groups */
>
> for (i = j = 0; i < ARRAY_SIZE(xstats); i++) {
> - len += snprintf(buf + len, PATH_MAX - len, "%s",
> + len += scnprintf(buf + len, PATH_MAX - len, "%s",
> xstats[i].desc);
> /* inner loop does each group */
> for (; j < xstats[i].endpoint; j++)
> - len += snprintf(buf + len, PATH_MAX - len, " %u",
> + len += scnprintf(buf + len, PATH_MAX - len, " %u",
> counter_val(stats, j));
> - len += snprintf(buf + len, PATH_MAX - len, "\n");
> + len += scnprintf(buf + len, PATH_MAX - len, "\n");
> }
> /* extra precision counters */
> for_each_possible_cpu(i) {
> @@ -72,9 +72,9 @@ int xfs_stats_format(struct xfsstats __percpu *stats, char *buf)
> xs_read_bytes += per_cpu_ptr(stats, i)->s.xs_read_bytes;
> }
>
> - len += snprintf(buf + len, PATH_MAX-len, "xpc %Lu %Lu %Lu\n",
> + len += scnprintf(buf + len, PATH_MAX-len, "xpc %Lu %Lu %Lu\n",
> xs_xstrat_bytes, xs_write_bytes, xs_read_bytes);
> - len += snprintf(buf + len, PATH_MAX-len, "debug %u\n",
> + len += scnprintf(buf + len, PATH_MAX-len, "debug %u\n",
> #if defined(DEBUG)
> 1);
> #else
> --
> 2.16.4
>
next prev parent reply other threads:[~2020-03-11 18:23 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-11 9:35 [PATCH] xfs: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-11 18:21 ` Darrick J. Wong [this message]
2020-03-11 20:00 ` Takashi Iwai
2020-03-11 22:09 ` Dave Chinner
2020-03-12 7:01 ` Takashi Iwai
2020-03-12 22:27 ` Dave Chinner
2020-03-12 22:43 ` Darrick J. Wong
2020-03-13 5:00 ` Dave Chinner
2020-03-13 7:18 ` Takashi Iwai
2020-03-13 15:52 ` Darrick J. Wong
2020-03-15 8:49 ` Takashi Iwai
2020-03-13 6:52 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200311182136.GH8045@magnolia \
--to=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox