From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from flow-a5-smtp.messagingengine.com (flow-a5-smtp.messagingengine.com [103.168.172.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D2A63279798; Wed, 1 Jul 2026 16:23:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=103.168.172.140 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782923014; cv=none; b=trWir/lSTqtQeyWfPpCbchP172BQKOZPAFVpuYQybDqsBoZMuPu12Amy+ke+GHPhVgJYk86skDdfVEgDK2UMA970XBOtFR450NIrhZLokycJCHXFErmmw18FKKGZs+6WQ5mP0AKfHnT6lSJ8tlqRUpQ4oWKv1akYAVd0Bnl/V1c= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782923014; c=relaxed/simple; bh=x10C5v/pkDN5JEhi5Z90muc7qgtwdJDaeB1HgP/pcHo=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=WLE2f4foDbPNJrRJ3j6Y5sklUTbtFfW2UFV3FIDfBU2E9ubS9lWKw2O8PrzmcDccpv/yqpmuYlZbwNGmwwe7zqklCNgtJdRMkpQp8R8SjNhBN/+DuEacmCo2q8RZCwfo5DRHGo2zgihpzwZ5vmXi/HQAbbHPdJvUBoogokRbq8M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=fastmail.com; spf=pass smtp.mailfrom=fastmail.com; dkim=pass (2048-bit key) header.d=fastmail.com header.i=@fastmail.com header.b=pgzXdUaP; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=cLxJZnyt; arc=none smtp.client-ip=103.168.172.140 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=fastmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fastmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fastmail.com header.i=@fastmail.com header.b="pgzXdUaP"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="cLxJZnyt" Received: from phl-compute-09.internal (phl-compute-09.internal [10.202.2.49]) by mailflow.phl.internal (Postfix) with ESMTP id BA85013803FA; Wed, 1 Jul 2026 12:23:31 -0400 (EDT) Received: from phl-frontend-04 ([10.202.2.163]) by phl-compute-09.internal (MEProxy); Wed, 01 Jul 2026 12:23:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1782923011; x=1782926611; bh=bIIdkaiZyLJ8dGaBsy+pOB1LtJlZqvLnI/SY4kK7MsE=; b= pgzXdUaPLJ59bm5PICdUUbPY4QKNEAuIenH4eOEV6jc0vrgkONRWWwsIQKAhsZd3 90fZFVaF0+7dET/zgxPwjp2nF3EFcGJ8cHHJ676NnMPtOJ45I0snDn3B3GgNyTA4 MAIbJ9bPUPXanAa7GO+vL26wYF5t6FfOHYL6TsK5zUZYQIqSTOcEWv6RMmT329zC JzCX8JupRxOg7kgHFeOlg4/K2lF4DOiS3mx3g3h3Q/0tSCbRQjJ4HutKmukVWycA 6DQxaEoySrFPpg3Ady70qQGJETOMBYoe0gHyvSZAcLjEaXb9VCB+wRFHWZkJFzkU 5/wy2vRiX5FhqafaDpuzSg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1782923011; x= 1782926611; bh=bIIdkaiZyLJ8dGaBsy+pOB1LtJlZqvLnI/SY4kK7MsE=; b=c LxJZnytS/Tsv+E6zFyJz2sDFARGejdBa+611xVW6J4K8ExVcQQ7821+Z4Md4vKNe yY/0FEH3bfXpC1UV98oA9x+SbsEyrUyUhN3IcPmRQu+cpSDLX5Hc5Sdp7bLb7SKE F79fANlOZRzUgTFZqVlPN+CRkzMVKaE4XRahebYiB8B8pjs8KlUnx1XQd0L8xA6V 4ltzH1zzwUYNtn/9JiF/gUogelwMkEvDAu1Ebdw4B1F9nFY37E761quF89Pf7f9u URwiMP59+vqsN2KWvhGPJchxSJ0ftsHzcndfAdTTMc8vucP4q/fIJVPVdfgaTw3/ 2JW0NyobZfPSCmpursITA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: dmFkZTE4zoAaZe8L2+jvZaacThwtfnpMPC6LLvbRLosiLXdN5TxmBr60aNb8A08/c4yk10 rCva1N2EQrNvsd+TFvLDW12DsF4qfnYXGB+3XNnrCiHAr72tANSXf99ZHOSryWtQ4mpg9u FQ1neFOoU6VFX3cb2SR4lwTNkqVM3HAoWu8mHUzjv6hWxlYrg1bllFJMuvCm2KwbjOeHdr en5TZcFEf5lWtcngTgtA+JUlrs3qe5KsFaFg+qUU0N5o9yxOqnydem7SNHsZOKJVpLNNKD uf2q/MpwAUHpZfj0UjqgVy4aS5NXqW3DRtp9MVJna1NNgBuZU2KW32CnAuQ0/abf7bLAci p8ttWjRHa2xaStm7lJf/ZANB2+tIGvZ4Pnn2LXaVUpjS4c00q9wHb964z1d6TtZzMq3K/c 3ov6ezT2MmjtoLgK1QMBP3qe9+vBy9n6tEZCsR5bObwWxBHjyqprfMt2AyScy0Q88wIfYV J7EkHzfZqUX9ZIfUKey4b78TgR5r+0xMWIk6P3B5xH4Vv/Ae06f86Jey5kDSe6XPUcewh0 0gH7Amom3VgvBGgmz0fdJWbxTgRHfAkM95fgrSxvV4NW5+4F9Uvt7bcofOt3Vtgs5Rkt5K PvCFRpCY7HcTRxJpwhyOWJ5q1tdop90NA7kGokl6d/viQCmxRo4PABs579sw X-ME-Proxy: Feedback-ID: i9dce4b48:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 1 Jul 2026 12:23:29 -0400 (EDT) Message-ID: Date: Wed, 1 Jul 2026 19:23:27 +0300 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] qede: Prevent possible snprintf() truncation by bounding %s string format To: Breno Leitao Cc: Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , "open list:QLOGIC QL4xxx ETHERNET DRIVER" , open list References: <20260701144713.197557-1-barant@fastmail.com> Content-Language: en-US From: Baran TUna In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit The current solution is pretty arbitrary. Numbers are coming from a simple calculation, to make sure output always fits. I will take a further look and send a patch if there is a more generalized solution. On 7/1/26 6:27 PM, Breno Leitao wrote: > On Wed, Jul 01, 2026 at 05:47:11PM +0300, Baran Tuna wrote: >> GCC warning shows that formatted strings may >> exceed the fixed-size destination buffers. >> >> Bounding the %s string format >> so the maximum formatted output always fits. >> >> This eliminates the -Wformat-truncation warning. >> >> Signed-off-by: Baran Tuna >> --- >> drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 8 ++++---- >> 1 file changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/net/ethernet/qlogic/qede/qede_ethtool.c b/drivers/net/ethernet/qlogic/qede/qede_ethtool.c >> index 647f30a16a94..5428f53150a0 100644 >> --- a/drivers/net/ethernet/qlogic/qede/qede_ethtool.c >> +++ b/drivers/net/ethernet/qlogic/qede/qede_ethtool.c >> @@ -618,10 +618,10 @@ static void qede_get_drvinfo(struct net_device *ndev, >> if ((strlen(storm) + strlen("[storm]")) < >> sizeof(info->version)) >> snprintf(info->version, sizeof(info->version), >> - "[storm %s]", storm); >> + "[storm %.16s]", storm); > Where is this 16 coming from? > > Also, isn't the if above checking for no overflow? I.e, > we got here only if strlen(storm) + strlen("[storm]") < sizeof(info->version)) > > For whoever else is reviwewing this, this the buffers: > > #define ETHTOOL_FWVERS_LEN 32 > char version[32]; > char storm[ETHTOOL_FWVERS_LEN]; >