From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D677478862
	for <linux-kernel@vger.kernel.org>; Thu, 26 Feb 2026 22:11:54 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.43
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1772143915; cv=none; b=rJCY/mc9TQwxfii+fkoqjj0Z9+Fst8VSLZX1bQQ7h0KglMruwUDAHAgBj+vF1GBUFxVm91vKqdTnYp6fCAcqSU+LuB1lBEFC62W2EtmiMuF57PlkPNglY5ZqxunTLIikaKEJJjbC01yfFRDlqhQaGe4Q6zIyBFhkcdHYsj3R6dc=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1772143915; c=relaxed/simple;
	bh=HI22fX8GUpAhI2gCirQ6wRtmM/wbJi4sH0hZQ9xdrCQ=;
	h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type; b=XD6TNM4AfqfrtEU5oyqRWHARGwZhZAtNvrvtCw6LFTZqulW24Ju1LwhTvtf9/dFw88YG8JfUXZE40gP7lqKZja7n70w2GWr0BQhaG2S8Qs8KCzSeQwFiZZEnpd2IGW/9YP3JrhDDx1rXo+kx5i5FmqnqGetEOUVfBpflZKJ2a0g=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Qfo2Bj+g; arc=none smtp.client-ip=209.85.221.43
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Qfo2Bj+g"
Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-4375d4fb4d4so848477f8f.0
        for <linux-kernel@vger.kernel.org>; Thu, 26 Feb 2026 14:11:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1772143912; x=1772748712; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:from:to:cc:subject:date
         :message-id:reply-to;
        bh=QTvdcOxsqpujCAOTtSSw8fHo0v0HdSgPDMZNOJi+c0M=;
        b=Qfo2Bj+g2ul9rDZd+7Qf3XXt40miQMjL4a5lYUDLARDP1LY8qagV81FtW9fetNuJJ8
         PgqbqfTDBuJikqGGGyCx1+RyDnNr5W03h3IuIZxziujaq28oPW2A/5IkcGeJZt4o0yAx
         AUQOZR9Ms6C3vdSUoclfsWX2tC6VPq8gfB4muUCx5AqJY9L3XmcFHt6rJ0P7SjTovTji
         QlvCv0l/CRXRpgcbhTjiaiZNFT3gdoQdBGcbQtdss+djyEOGCLw6rEW3vExgRpjdvHGt
         /SC0KPZ9Wz2eYoPB+pV2lCiRsT5Mzf3kcpO0gYCip7GNOQNqm29GJcRcZBbTaHdt6ZL5
         vDYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1772143912; x=1772748712;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=QTvdcOxsqpujCAOTtSSw8fHo0v0HdSgPDMZNOJi+c0M=;
        b=f65yhKY8NXsRZ6y0L2Lg0YUpzfl/WwT/WC2gD5vqUoctmhvFVAnXcI7fRHqvBd9IAq
         4NG41Ca8AR/hEC7IkOJkuudLKATU8MUv01BF/XEfSI0UyxmXOkM93N6OXECYbj93lLbb
         hMd09zECQOiU0trZyUcLTdJFSZPo3olHb11iK9S4umyzj9qx7CXedoZiQsKlk3Xpyx9M
         oo4LJN5z/WXBilV/XIbJC/Gjrb7FmXSjZeXNvJhitpCPq8mDf6rXUHECg27ua8L3H3fC
         oNhPxV5UFGjNOcuSEZ0ZgKw8MwVCl70Pd9HoaU+iCpqwrU1Ajj6xSSwIcjcBDSAjaKa1
         wDsQ==
X-Forwarded-Encrypted: i=1; AJvYcCXUzplHYyS2c58YflreXjrtr16BUJ8+OeSuPG3owQld8xo2IuDTKtxK4VmBgImjm2Te5/mmFGaSAnjgTWA=@vger.kernel.org
X-Gm-Message-State: AOJu0YyIjphYhLg3UioMVlPh/zZuA3c1i2Ai5YpD6czUa08E50+JW/2m
	mYsWNqeNTgzPqbqtzf+zPhX/NflnkrWUhkc07N59ykMFZYWRT4XuVNLr
X-Gm-Gg: ATEYQzzafp5kE3TwzMCc5d2Y+XM1uezzT1Uis/MbI2Vmjxhk80/V5r5BXVQNGjGEOK8
	trJEfnzWsUFR3rXvfXcU8eBu2Jo+kN+KUmSPlfvnIktkUoDeT1oJHJTl7TnOh6XXPBPNIcGqoIb
	FPJZNWu8w0V09QHM1SzDqGKd5Oz2GhZozgITPAM6Mz9rgiWypPxQ6PoidKtQCXgwvFlSxhXmmgH
	uqpKVYpLOKSThg9FHrabgKj5yUZ9h5cDMBz5uVnpHxBSmZ9BtEnaz0likXXGhwYN/64G7bm+2FJ
	/ScD7qfgYXpuWYxet+2VOfsMkPfS0Gu/Nk3/IltMCu+ytgunQwGCBIEVEUkaJKBgbm2GcUF9gGw
	lwv4o8p9maF4f5pyYvxf68dOweokBmS1mcVj2W45MNkLXRhd/u9okVD+WPcNwiOXhhir//9x+Vg
	H+laq+UCXW1DsOF1/W0pgcBDBLhXivZ6M0RXOhsJfRXlpvlINeHbskzZo1kBaAunkW
X-Received: by 2002:a05:6000:144e:b0:439:98b8:649a with SMTP id ffacd0b85a97d-4399de2c699mr698006f8f.47.1772143912242;
        Thu, 26 Feb 2026 14:11:52 -0800 (PST)
Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-4399c75b19esm2364453f8f.25.2026.02.26.14.11.51
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 26 Feb 2026 14:11:51 -0800 (PST)
Date: Thu, 26 Feb 2026 22:11:50 +0000
From: David Laight <david.laight.linux@gmail.com>
To: Thomas =?UTF-8?B?V2Vpw59zY2h1aA==?= <linux@weissschuh.net>
Cc: Willy Tarreau <w@1wt.eu>, linux-kernel@vger.kernel.org, Cheng Li
 <lechain@gmail.com>
Subject: Re: [PATCH v3 next 07/17] tools/nolibc/printf: Move snprintf length
 check to callback
Message-ID: <20260226221150.140ec68a@pumpkin>
In-Reply-To: <dddbec05-2fff-4aa0-89df-2c49144932cf@t-8ch.de>
References: <20260223101735.2922-1-david.laight.linux@gmail.com>
	<20260223101735.2922-8-david.laight.linux@gmail.com>
	<bcc3b413-e209-4d1c-ab3f-d33b467fe4c8@t-8ch.de>
	<20260225231221.70b0531f@pumpkin>
	<dddbec05-2fff-4aa0-89df-2c49144932cf@t-8ch.de>
X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Thu, 26 Feb 2026 22:29:07 +0100
Thomas Wei=C3=9Fschuh <linux@weissschuh.net> wrote:

> On 2026-02-25 23:12:21+0000, David Laight wrote:
> > On Wed, 25 Feb 2026 23:37:42 +0100
> > Thomas Wei=C3=9Fschuh <linux@weissschuh.net> wrote:
> >  =20
> > > On 2026-02-23 10:17:25+0000, david.laight.linux@gmail.com wrote:
> > >=20
> > > (...)
> > >  =20
> > > > @@ -425,18 +430,25 @@ int __nolibc_printf(__nolibc_printf_cb cb, in=
tptr_t state, size_t n, const char
> > > > =20
> > > >  		/* literal char, just queue it */
> > > >  	}
> > > > +
> > > > +	/* Request a final '\0' be added to the snprintf() output.
> > > > +	 * This may be the only call of the cb() function.
> > > > +	 */
> > > > +	if (cb(state, NULL, 0) !=3D 0)
> > > > +		return -1;
> > > > +
> > > >  	return written;
> > > >  }   =20
> > >=20
> > > (...)
> > >  =20
> > > > +static int __nolibc_sprintf_cb(void *v_state, const char *buf, siz=
e_t size)
> > > >  {
> > > > -	char **state =3D (char **)_state;
> > > > +	struct __nolibc_sprintf_cb_state *state =3D v_state;
> > > > +	size_t space =3D state->space;
> > > > +	char *tgt;
> > > > +
> > > > +	/* Truncate the request to fit in the output buffer space.
> > > > +	 * The last byte is reserved for the terminating '\0'.
> > > > +	 * state->space can only be zero for snprintf(NULL, 0, fmt, args)
> > > > +	 * so this normally lets through calls with 'size =3D=3D 0'.
> > > > +	 */
> > > > +	if (size >=3D space) {
> > > > +		if (space <=3D 1)
> > > > +			return 0;
> > > > +		size =3D space - 1;
> > > > +	}
> > > > +	tgt =3D state->buf;
> > > > +
> > > > +	/* __nolibc_printf() ends with cb(state, NULL, 0) to request the =
output
> > > > +	 * buffer be '\0' terminated.
> > > > +	 * That will be the only cb() call for, eg, snprintf(buf, sz, "").
> > > > +	 * Zero lengths can occur at other times (eg "%s" for an empty st=
ring).
> > > > +	 * Unconditionally write the '\0' byte to reduce code size, it is
> > > > +	 * normally overwritten by the data being output.
> > > > +	 * There is no point adding a '\0' after copied data - there is a=
lways
> > > > +	 * another call.
> > > > +	 */
> > > > +	*tgt =3D '\0';
> > > > +	state->space =3D space - size;
> > > > +	state->buf =3D tgt + size;
> > > > +	memcpy(tgt, buf, size);   =20
> > >=20
> > > This trips UBSAN for me when 'buf =3D=3D NULL'.
> > >=20
> > > if (cb(state, NULL, 0) !=3D 0)
> > > 	return -1;
> > >=20
> > > It can be fixed by adding a NULL check around memcpy(),
> > > but I'd rather not do this as a random fixup. =20
> >=20
> > Blame Willy, he made me remove the 'if (size)' check to reduce
> > the code size. =20
>=20
> Done. But we still can't hard-break our own testsuite.
> If we can detect UBSAN at build-time, that could work.
> But I would prefer to just add the check.
>=20
> > The '*tgt =3D 0' line is (only) needed when size is zero, the other lin=
es
> > are clearly pointless.
> > So the 'random fixup' is adding 'if (size)' rather than a NULL
> > pointer check
> > printf("%s", "") will give a zero size with non-NULL buf. =20
>=20
> Can you roll this into the next revision?

I'll add the zero check back.
Probably get around to it tomorrow.
At least I don't have to completely re-order the patches again.
I've got about 15 old branches from failed attempts lurking.

	David

>=20
> > IIRC the C standard make memcpy(tgt, NULL, 0) UB because some old system
> > no one has used for 40+ years would trap when NULL was loaded into an
> > 'address register' and they wanted it to be compliant. =20
>=20
> Fair enough. But how would this work for functions where NULL is an
> allowed argument value like 'free()'? Anyways, we use UBSAN in the
> testsuite and it actually found a bunch of issues, so I'd like to keep
> it.
>=20
> > > > =20
> > > > -	memcpy(*state, buf, size);
> > > > -	*state +=3D size;
> > > >  	return 0;
> > > >  }   =20
> > >=20
> > > (...) =20