From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753993AbdIDSey convert rfc822-to-8bit (ORCPT ); Mon, 4 Sep 2017 14:34:54 -0400 Received: from blatinox.fr ([51.254.120.209]:41781 "EHLO vps202351.ovh.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753932AbdIDSes (ORCPT ); Mon, 4 Sep 2017 14:34:48 -0400 X-Greylist: delayed 326 seconds by postgrey-1.27 at vger.kernel.org; Mon, 04 Sep 2017 14:34:48 EDT Date: Mon, 4 Sep 2017 14:29:16 -0400 From: =?UTF-8?B?SsOpcsOpbXk=?= Lefaure To: Arnd Bergmann , Andrew Morton , Stephen Rothwell , David Howells Cc: linux-cachefs@redhat.com, linux-kernel@vger.kernel.org, dhowells@redhat.com Subject: Re: [PATCH 21/22] fscache: fix fscache_objlist_show format processing Message-ID: <20170904142916.7a67428f@blatinox-laptop.localdomain> X-Mailer: Claws Mail 3.15.0git135 (GTK+ 2.24.31; x86_64-unknown-linux-gnu) In-Reply-To: <20170714120720.906842-22-arnd@arndb.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > gcc points out a minor bug in the handling of unknown > cookie types, which could result in a string overflow > when the integer is copied into a 3-byte string: > > fs/fscache/object-list.c: In function 'fscache_objlist_show': > fs/fscache/object-list.c:265:19: error: 'sprintf' may write a > terminating nul past the end of the destination > [-Werror=format-overflow=] sprintf(_type, "%02u", cookie->def->type); > ^~~~~~ fs/fscache/object-list.c:265:4: note: 'sprintf' output between > 3 and 4 bytes into a destination of size 3 > > This is currently harmless as no code sets a type other > than 0 or 1, but it makes sense to use snprintf() here > to avoid overflowing the array if that changes. > > Signed-off-by: Arnd Bergmann > --- Hi, I sent a patch to fix this issue in April [1]. It was accepted by David Howells [2]. I don't know why it wasn't upstreamed. > fs/fscache/object-list.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/fscache/object-list.c b/fs/fscache/object-list.c > index 67f940892ef8..b5ab06fabc60 100644 > --- a/fs/fscache/object-list.c > +++ b/fs/fscache/object-list.c > @@ -262,7 +262,8 @@ static int fscache_objlist_show(struct seq_file > *m, void *v) type = "DT"; > break; > default: > - sprintf(_type, "%02u", cookie->def->type); > + snprintf(_type, sizeof(_type), "%02u", > + cookie->def->type); > type = _type; > break; > } In my patch I didn't use snprintf (which is fine) but I used the hexadecimal value (as it is in the documentation [3]). Is it too late to change this patch ? If it is, I can send a patch to use an hex value. Thank you, Jérémy [1]: https://marc.info/?l=linux-kernel&m=149263432022839&w=4 [2]: https://marc.info/?l=linux-kernel&m=149330544916184&w=4 [3]: see Documentation/filesystems/caching/fscache.txt