public inbox for linux-kernel@vger.kernel.org
From: David Laight <david.laight.linux@gmail.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 1/1] usb: hcd: Bump local buffer size in rh_string()
Date: Fri, 17 Jan 2025 19:52:13 +0000
Message-ID: <20250117195213.651dc338@pumpkin>
In-Reply-To: <20250116160543.216913-1-andriy.shevchenko@linux.intel.com>

On Thu, 16 Jan 2025 18:05:43 +0200
Andy Shevchenko <andriy.shevchenko@linux.intel.com> wrote:

> GCC is not happy about the buffer size:
> 
> drivers/usb/core/hcd.c:441:48: error: ‘%s’ directive output may be truncated writing up to 64 bytes into a region of size between 35 and 99 [-Werror=format-truncation=]
>   441 |                 snprintf (buf, sizeof buf, "%s %s %s", init_utsname()->sysname,
>       |                                                ^~
>   442 |                         init_utsname()->release, hcd->driver->description);
>       |                         ~~~~~~~~~~~~~~~~~~~~~~~
> 
> Bump the size to get it enough for the possible strings.
> 
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> ---
>  drivers/usb/core/hcd.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
> index 0b2490347b9f..a75cf1f6d741 100644
> --- a/drivers/usb/core/hcd.c
> +++ b/drivers/usb/core/hcd.c
> @@ -415,7 +415,7 @@ ascii2desc(char const *s, u8 *buf, unsigned len)
>  static unsigned
>  rh_string(int id, struct usb_hcd const *hcd, u8 *data, unsigned len)
>  {
> -	char buf[100];
> +	char buf[160];

Pretty pointless - look at ascii2desc() just above.
(Converts to LE 16-bit chars with a leading type+length.)
It gets truncated to 126 characters.
Indeed the entire snprintf() is pretty pointless given what happens to the
data given that it is all strings.

Is the overall truncation even right?
The outer length is bounded to 254, but there may be fewer characters in the
buffer because the buffer length itself might be smaller.
Seems a recipe for disaster.

	David 


>  	char const *s;
>  	static char const langids[4] = {4, USB_DT_STRING, 0x09, 0x04};
>  
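Review bot: the new size at `char buf[160];` is a bare constant with no stated derivation. Going by the quoted warning, each of the two utsname `%s` fields can write up to 64 bytes, so together with the two separating spaces and the terminating NUL they already account for 131 bytes, which leaves 29 for hcd->driver->description, whose maximum length is not visible in this hunk. Either derive the size from the field sizes (for example from sizeof on the utsname members) and say so in a comment, or state in the commit message that truncating the description is acceptable, since snprintf() with sizeof buf still truncates rather than overflows.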
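The layout described in the reply above (a length byte and a type byte followed by little-endian 16-bit characters, capped at 254 bytes and possibly cut shorter by the caller's buffer) can be shown in a small user-space sketch. This is an added example, not code from the message or from the kernel's ascii2desc(); the names str_desc_encode, str_desc_chars, DT_STRING and DESC_MAX are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DT_STRING   0x03   /* USB string descriptor type */
#define DESC_MAX    254    /* bLength is one byte: 2 header + 126 chars */

/* Added illustration with hypothetical names, not the kernel's code.
 * Encode ASCII s as a string descriptor, writing at most len bytes.
 * bLength describes the whole (capped) descriptor even when the
 * caller's buffer is smaller. Returns the bytes actually written. */
static size_t str_desc_encode(const char *s, uint8_t *buf, size_t len)
{
    size_t total = 2 + 2 * strlen(s);
    if (total > DESC_MAX)
        total = DESC_MAX;
    if (len > total)
        len = total;
    for (size_t i = 0; i < len; i++) {
        if (i == 0)
            buf[i] = (uint8_t)total;
        else if (i == 1)
            buf[i] = DT_STRING;
        else   /* UTF-16LE: low byte is the character, high byte 0 */
            buf[i] = (i & 1) ? 0 : (uint8_t)s[(i - 2) / 2];
    }
    return len;
}

/* Reader-side check: count the complete 16-bit characters that are
 * actually present, trusting neither bLength nor received alone. */
static size_t str_desc_chars(const uint8_t *buf, size_t received)
{
    if (received < 2 || buf[1] != DT_STRING || buf[0] < 2)
        return 0;
    size_t usable = buf[0] < received ? buf[0] : received;
    return (usable - 2) / 2;
}

int main(void)
{
    char name[201];   /* constructed sample: 200 'A' characters */
    uint8_t full[256], small[8];
    memset(name, 'A', 200);
    name[200] = '\0';
    size_t n = str_desc_encode(name, full, sizeof full);
    printf("full:  wrote %zu, bLength %u, chars %zu\n", n, full[0], str_desc_chars(full, n));
    n = str_desc_encode(name, small, sizeof small);
    printf("small: wrote %zu, bLength %u, chars %zu\n", n, small[0], str_desc_chars(small, n));
    return 0;
}
```

With the 8-byte buffer the header still reports 254 while only three characters are present, which is why the reader bounds itself by the smaller of the two lengths.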


Thread overview: 7+ messages
2025-01-16 16:05 [PATCH v1 1/1] usb: hcd: Bump local buffer size in rh_string() Andy Shevchenko
2025-01-17  6:11 ` Greg Kroah-Hartman
2025-01-17 13:42   ` Andy Shevchenko
2025-01-17 14:26     ` Greg Kroah-Hartman
2025-01-17 14:33       ` Andy Shevchenko
2025-01-17 14:46         ` Greg Kroah-Hartman
2025-01-17 19:52 ` David Laight [this message]
