[PATCH][next] powerpc/spufs: Replace snprintf() with the safer scnprintf() variant

[PATCH][next] powerpc/spufs: Replace snprintf() with the safer scnprintf() variant

[Paulo Miguel Almeida]

The C99 standard specifies that {v}snprintf() returns the length of the
data that *would have been* written if there were enough space. In some
cases, this misunderstanding led to buffer-overruns in the past. It's
generally considered better/safer to use the {v}scnprintf() variants in
their place.

While at it, fix some style issues pointed out by checkpatch.pl

Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Signed-off-by: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@gmail.com>
---
 arch/powerpc/platforms/cell/spufs/file.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
index d5a2c77bc908..f766821fe3bf 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
@@ -2320,13 +2320,13 @@ static int switch_log_sprint(struct spu_context *ctx, char *tbuf, int n)
 
 	p = ctx->switch_log->log + ctx->switch_log->tail % SWITCH_LOG_BUFSIZE;
 
-	return snprintf(tbuf, n, "%llu.%09u %d %u %u %llu\n",
-			(unsigned long long) p->tstamp.tv_sec,
-			(unsigned int) p->tstamp.tv_nsec,
-			p->spu_id,
-			(unsigned int) p->type,
-			(unsigned int) p->val,
-			(unsigned long long) p->timebase);
+	return scnprintf(tbuf, n, "%llu.%09u %d %u %u %llu\n",
+			 (unsigned long long)p->tstamp.tv_sec,
+			 (unsigned int)p->tstamp.tv_nsec,
+			 p->spu_id,
+			 (unsigned int)p->type,
+			 (unsigned int)p->val,
+			 (unsigned long long)p->timebase);
 }
 
 static ssize_t spufs_switch_log_read(struct file *file, char __user *buf,
-- 
2.47.0

Re: [PATCH][next] powerpc/spufs: Replace snprintf() with the safer scnprintf() variant

[Segher Boessenkool]

On Fri, Oct 18, 2024 at 09:28:19PM +1300, Paulo Miguel Almeida wrote:
> The C99 standard specifies that {v}snprintf() returns the length of the
> data that *would have been* written if there were enough space.

Not including the trailing zero byte, and it can also return negative if
there was an encoding error.  Yes.

Not that this matters at all for your patch, so why mention it?


Segher

Re: [PATCH][next] powerpc/spufs: Replace snprintf() with the safer scnprintf() variant

[Paulo Miguel Almeida]

On Fri, Oct 18, 2024 at 10:38:43AM -0500, Segher Boessenkool wrote:
> On Fri, Oct 18, 2024 at 09:28:19PM +1300, Paulo Miguel Almeida wrote:
> > The C99 standard specifies that {v}snprintf() returns the length of the
> > data that *would have been* written if there were enough space.
> 
> Not including the trailing zero byte, and it can also return negative if
> there was an encoding error.  Yes.
> 
> Not that this matters at all for your patch, so why mention it?
> 
> 
> Segher

Thanks for taking the time to review this patch.

Is the objection with the change in itself or just the commit message?

If it's the later, I'm happy to tweak it to what you would like see.

I added that bit for context so the motivation behind the preference for
scnprintf is clear, otherwise one would ask me why :)

We are phasing out snprint utilisations in which the result is being
used [1]. One of possible ways this *might* take form is that in near
future snprint will have it return void.

[1] https://github.com/KSPP/linux/issues/105#issuecomment-2421244722

- Paulo A.

Re: [PATCH][next] powerpc/spufs: Replace snprintf() with the safer scnprintf() variant

[Segher Boessenkool]

Hi!

On Sat, Oct 19, 2024 at 12:50:43PM +1300, Paulo Miguel Almeida wrote:
> On Fri, Oct 18, 2024 at 10:38:43AM -0500, Segher Boessenkool wrote:
> > On Fri, Oct 18, 2024 at 09:28:19PM +1300, Paulo Miguel Almeida wrote:
> > > The C99 standard specifies that {v}snprintf() returns the length of the
> > > data that *would have been* written if there were enough space.
> > 
> > Not including the trailing zero byte, and it can also return negative if
> > there was an encoding error.  Yes.
> > 
> > Not that this matters at all for your patch, so why mention it?
> > 
> > 
> > Segher
> 
> Thanks for taking the time to review this patch.
> 
> Is the objection with the change in itself or just the commit message?

Mostly the commit message.  But because it is confusing, it makes the
patch itself uncertain as well.

The patch is probably fine fwiw, as far as I can see.  But the commit
message is not. And the commit message is by far the most important
part of any patch!

> If it's the later, I'm happy to tweak it to what you would like see.

It is not about what I want to see.  It is about what you want to say
to justify the patch!

In this case, just leave out all the irrelevant stuff, just say why you
think scnprintf is better than what you replace?

Everythihng you did say is about why what you are removing was good.
Not a great patch justification :-)


Segher