From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55EF8428D37 for ; Wed, 1 Jul 2026 19:33:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.54 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782934399; cv=none; b=F6EYUMqkSugVxYiK8gGSsemA8iGs4PGpKdBFGxY/l25+h/Vv6Y13atpebiy6HdBDF887qlVw+SZ9aVWeEAlU0NtJqbkfHZb+lqAcUlbEfv/epC0iSODf0ADYEG5qTRsoVISFcE7PojVwMFiLYw8otlNpZbFtI9yLz8IqXou1Lrk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782934399; c=relaxed/simple; bh=EzcyK8KQAPq+xS3KRabSKUrzFYSXclGEAobTC9euuq8=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=sjS4D1uUntwMAwspr9XqsIb+Hu6hiqQ6hOFq+GbOv6D183WfGcNXPwZ8NuIEc7zkUP0f1ZRQKCdDFWJSrqt0BxQmixRnH0eRvUBmHxgPL8OwyPMRV3icOZ1f/n76+9K6jAOU9QH7FeYEO446sbOq7Q6gC2M0uz0q4Vjhj2JjRDU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=egVl/b34; arc=none smtp.client-ip=209.85.128.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="egVl/b34" Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-493c00f74baso6128385e9.0 for ; Wed, 01 Jul 2026 12:33:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782934395; x=1783539195; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=BaXEKLb5tE0UPuqTQ/sKkozLzOhIqRiW5VBP89Tj6dM=; b=egVl/b34US0vfBZGM64KQFas1mtcT14zbOBqaucQ82349CPJ/squ/zwmxEHq8Nt95z HQRVxHMb53e7e0DgZ0ehC83sQf6uRK1i+BTOWSOkh3ELKxpBC9vdHAVl1vXP6H2T0h5f vpNQb0VR+zatkPK2NzIYkOoTtl5Nz1CFoqIqmtkDpVD1rATywguxRhywWqx2hH6KbQRY rjD6yL6XBJ47GQZ4vWdsru9P1RMlKVHAFMVWgoCB60PZg9O4qQjKB7ovb4xqi0md2lgF QpJ7uYgJDV8vdbx8xMUD6BwjuXzHzRKJxRMExpOgOy3CbyEKV+PzBZE/eLkcKajuoWVd eD1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782934395; x=1783539195; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=BaXEKLb5tE0UPuqTQ/sKkozLzOhIqRiW5VBP89Tj6dM=; b=gn85x1M8V2WC1J9QoKlcxMwPDo9RZyMrjBGnYXSU7qsP+Xz8btI9w1iJJxIATyjTHk NpOOU5xpuRe3eDOgd/B0zzXgZDA18ekzkxtkakhYNNvrjam3oAmK+eHpFzkvKql6NwJ4 4cvLXiVuApgbFNkEHk3loXEi8Td+SwDNBbVzIr6S8/PFYGAwJrKf9a5mj1u2s0c/4ZTT IsKwh7/6yWR6F9nGqIkt8thZRErDHdsQkU9s2ODd/dOKIqBNQj05+Xq1virk6JVx1UzW suePdWsAv6FZpvqxPavXIuSklgw+rjn22qCtx8NQmHuMYTEi/PKB5yZWGUA4eZEjrFBp Ph7Q== X-Forwarded-Encrypted: i=1; AFNElJ8RAz6VxMhhjokBCUHu25SmrJoa+PPyJsKrYuojwPT3Tl2jcNXxyXKJsZTFMiINy6OPN2++vQYVKumzYfY=@vger.kernel.org X-Gm-Message-State: AOJu0YzaANIfLWszcL2vQvDQsq2JDdif4K7CsbZGZZ19r4KghD/u5P9A e72Pxxtkd7TvNoMQNgntM1r40qhN+LtilcTT4csSbobnA2ihQyS8rysc X-Gm-Gg: AfdE7ckfTQT5w2dbiS/aLW09VCbfvT2WdGbYuqTa23ZpdNQAR7RVnDDdxJfBu0tZKvC bt4g9ktWg223lZYuV0nGuddwpx/i7eBQgizsuFI2HDEElvw5uzHT6bKq28JTiMJ4YuCXyZSApYB nXUDi1gwpkCpQ6LMIVtF1VVl5bXeiLTpMTicrfih/HOUmxG47R5hhfkM6lT044lD1OmUe6/GneG xCe5jTFqmxmKqGDgtQq+QGLVRf6x2rI/8HGVfsnkOPE16AfLV4gMFVuCq1WNAq/J7hUknVsdOP/ Eeo5Ij37Uzplr3EVc9o/EEfzRQlqtBRpTwmFD+uSMH+I/L3UEQwDgFVM/8pWQeqfh+qzGCRHL0B UPGeBu5dHJuF3tzIooX5ZSHZP9JS66cWe32TLZ5KGCKz4EnDIzP4sQhjswWJVqrDUG1//E7r1v4 A7CEg369lTr8K7fC/rRap7ZiTyljDaY7VaX1ECGqn5pivaig== X-Received: by 2002:a05:600c:8217:b0:493:b91c:6bf with SMTP id 5b1f17b1804b1-493c2b7c93amr45574945e9.18.1782934395222; Wed, 01 Jul 2026 12:33:15 -0700 (PDT) Received: from pumpkin (host-92-21-50-228.as13285.net. [92.21.50.228]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493bfe7427dsm46471655e9.2.2026.07.01.12.33.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Jul 2026 12:33:14 -0700 (PDT) Date: Wed, 1 Jul 2026 20:33:11 +0100 From: David Laight To: Baran Tuna Cc: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Breno Leitao , netdev@vger.kernel.org (open list:QLOGIC QL4xxx ETHERNET DRIVER), linux-kernel@vger.kernel.org (open list) Subject: Re: [PATCH] qede: Prevent possible snprintf() truncation by bounding %s string format Message-ID: <20260701203311.5e819163@pumpkin> In-Reply-To: <20260701144713.197557-1-barant@fastmail.com> References: <20260701144713.197557-1-barant@fastmail.com> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Wed, 1 Jul 2026 17:47:11 +0300 Baran Tuna wrote: > GCC warning shows that formatted strings may > exceed the fixed-size destination buffers. > > Bounding the %s string format > so the maximum formatted output always fits. > > This eliminates the -Wformat-truncation warning. > > Signed-off-by: Baran Tuna > --- > drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/net/ethernet/qlogic/qede/qede_ethtool.c b/drivers/net/ethernet/qlogic/qede/qede_ethtool.c > index 647f30a16a94..5428f53150a0 100644 > --- a/drivers/net/ethernet/qlogic/qede/qede_ethtool.c > +++ b/drivers/net/ethernet/qlogic/qede/qede_ethtool.c > @@ -618,10 +618,10 @@ static void qede_get_drvinfo(struct net_device *ndev, > if ((strlen(storm) + strlen("[storm]")) < > sizeof(info->version)) > snprintf(info->version, sizeof(info->version), > - "[storm %s]", storm); > + "[storm %.16s]", storm); > else > snprintf(info->version, sizeof(info->version), > - "%s", storm); > + "%.16s", storm); That looks wrong. The code is using two different formats based on the length of 'storm' but you are truncating it to the same length in both cases. I think this will work: if (snprintf(info->version, sizeof(info->version), "[storm %s]", storm) >= sizeof(info->strorm)) strscpy(info->version, storm); -- David > > if (edev->dev_info.common.mbi_version) { > snprintf(mbi, ETHTOOL_FWVERS_LEN, "%d.%d.%d", > @@ -632,10 +632,10 @@ static void qede_get_drvinfo(struct net_device *ndev, > (edev->dev_info.common.mbi_version & > QED_MBI_VERSION_0_MASK) >> QED_MBI_VERSION_0_OFFSET); > snprintf(info->fw_version, sizeof(info->fw_version), > - "mbi %s [mfw %s]", mbi, mfw); > + "mbi %.10s [mfw %.10s]", mbi, mfw); > } else { > snprintf(info->fw_version, sizeof(info->fw_version), > - "mfw %s", mfw); > + "mfw %.16s", mfw); > } > > strscpy(info->bus_info, pci_name(edev->pdev), sizeof(info->bus_info));