From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sender-of-o57.zoho.eu (sender-of-o57.zoho.eu [136.143.169.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A809F824A3 for ; Mon, 30 Mar 2026 19:35:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=136.143.169.57 ARC-Seal:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774899309; cv=pass; b=Cs+28d4UPHk7mUkEQQz1nbWY3jR+JygmtR3oSvqxDMVH5wLNWlDBWuvCxxW/20kiEROBOVZDnWiJ/K/8eutWrofwX/D1ZuYppxgO9L17G/a7PDPgRIz+uoaKhXWkThcovzZI5k5SQ6oTBhzn0LdHnqia/SYoY683xj7iLeBxK1U= ARC-Message-Signature:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774899309; c=relaxed/simple; bh=F69A+pGGhhjOnfVNrGCl3R8FrK7M/W++whKDnItsVcY=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=qHyedl8cguuj/BL/99a85ibCpz4qb7R0FA/rhimrryi1+NqbPvc0y4ikvymioFSLMZoNhrU8Z1muuiouKPSoqj68Z3JyEl5yIhFhdvuJMf4dm/LWfefLV7+tohyzuqton3AmK+eN7VWHPHXicr7F0Vx0Mp7FicjcBJ4H0PCMHwM= ARC-Authentication-Results:i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=objecting.org; spf=pass smtp.mailfrom=objecting.org; dkim=pass (1024-bit key) header.d=objecting.org header.i=objecting@objecting.org header.b=UHaf7cjq; arc=pass smtp.client-ip=136.143.169.57 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=objecting.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=objecting.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=objecting.org header.i=objecting@objecting.org header.b="UHaf7cjq" ARC-Seal: i=1; a=rsa-sha256; t=1774899284; cv=none; d=zohomail.eu; s=zohoarc; b=fs48QyLlxYQ49bY2eVmOCwpYYNo01BA8RPq9h4DuAz78k6MKDbbfLpeabTosSRjs2DVmtcDVFlx9eH/ApMl5M86fiS2uMLK3belsnxkm0whKnEyA5u4pui3T94Zog3DKz3R3WK3jQ7yUQUmxqimQYaItjDaCKBk8+1jzkigUKgk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.eu; s=zohoarc; t=1774899284; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:MIME-Version:Message-ID:Subject:Subject:To:To:Message-Id:Reply-To; bh=YDLfacmfG1ZbttjFMGqVR0loG8vozSaWxg9h4C/aP50=; b=Qklq45U0LzcbdbJPI4z2uVnFgIJ+oVw5KoyQDJOyCdQ+ALkAnHU4EtWDFztcRElFFHPGFLxGym9lN7JO4ZrP5Zmb3YHXXJVqFewDg0elbQJOhm4nUiSTuxZEDgA79VZrkazdTwdeO13EMMr2NdZYtNjpyRLumtsmrZn7y2Y5jRA= ARC-Authentication-Results: i=1; mx.zohomail.eu; dkim=pass header.i=objecting.org; spf=pass smtp.mailfrom=objecting@objecting.org; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1774899284; s=zmail; d=objecting.org; i=objecting@objecting.org; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-Id:Message-Id:MIME-Version:Content-Transfer-Encoding:Reply-To; bh=YDLfacmfG1ZbttjFMGqVR0loG8vozSaWxg9h4C/aP50=; b=UHaf7cjqMMm7M1oG81bai7C+6WoZPaVD8tyS9Us8T1ObvKQLnDvrDVHm7W1QCdoN ioTlOt20NDzJ02lOlfNn8HJGGuocOExnYSiqNOHdKoykQT4S0yD72RHJdUDvTnvHVPx jXq8ASzcLEJTrtPxepinvV53ilnnPPLmLA1/Sc3s= Received: by mx.zoho.eu with SMTPS id 1774899282294103.72774120244799; Mon, 30 Mar 2026 21:34:42 +0200 (CEST) From: Josh Law To: akpm@linux-foundation.org, pmladek@suse.com, rostedt@goodmis.org Cc: andriy.shevchenko@linux.intel.com, linux@rasmusvillemoes.dk, senozhatsky@chromium.org, linux-kernel@vger.kernel.org, Josh Law Subject: [PATCH v2 0/2] lib/vsprintf: pointer handling fixes for bstr_printf() and vbin_printf() Date: Mon, 30 Mar 2026 19:34:38 +0000 Message-Id: <20260330193440.74268-1-objecting@objecting.org> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-ZohoMailClient: External These patches address multiple bugs in vsprintf pointer handling Patch one: Regards argument pointer advancement in bstr_printf(), when the buffer is full.. Patch two: Fixes a OOB write in vbin_printf() when size is 0 Josh Law (2): lib/vsprintf: always advance args in bstr_printf() pointer path lib/vsprintf: fix OOB write in vbin_printf() when size is zero lib/vsprintf.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) Changes since V1: Dropped 2 patches, probably not needed. For patch 2: Instead of using else if (end > (char *)bin_buf), instead guard size with else if (size) /* do nothing if size is zero */ (suggested by steven Rostedt) -- 2.34.1