All of lore.kernel.org
 help / color / mirror / Atom feed
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: U-Boot Mailing List <u-boot@lists.denx.de>,
	Tom Rini <trini@konsulko.com>, Simon Glass <sjg@chromium.org>
Subject: Re: [PATCH 1/5] lib/vsprintf.c: make sure vsnprintf() never returns a negative value
Date: Fri, 21 May 2021 16:40:16 +0200	[thread overview]
Message-ID: <a0f67892-cdc5-3ce7-7f8c-578586dc849c@prevas.dk> (raw)
In-Reply-To: <6d1761b1-5129-d5a1-24ba-a27d15c42198@gmx.de>

On 21/05/2021 16.15, Heinrich Schuchardt wrote:
> On 21.05.21 14:53, Rasmus Villemoes wrote:
>> On 20/05/2021 19.51, Simon Glass wrote:
>>> Hi Rasmus,
>>>
>>> On Thu, 20 May 2021 at 04:05, Rasmus Villemoes
>>> <rasmus.villemoes@prevas.dk> wrote:
>>>>
>>>> Most callers (or callers of callers, etc.) of vsnprintf() are not
>>>> prepared for it to return a negative value.
>>>>
>>>> The only case where that can currently happen is %pD, and it's IMO
>>>> more user-friendly to produce some output that clearly shows that some
>>>> "impossible" thing happened instead of having the message completely
>>>> ignored - or mishandled as for example log.c would currently do.
>>>>
>>>> Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
>>>> ---
>>>>  lib/vsprintf.c | 10 +---------
>>>>  1 file changed, 1 insertion(+), 9 deletions(-)
>>>
>>> I think that is debatable. If we want the calling code to be fixed,
>>> then it needs to get an error code back. Otherwise the error will be
>>> apparent to the user but (perhaps) not ever debugged.
>>
>> But it is not the calling code that is at fault for the vsnprintf()
>> implementation (1) being able to fail and (2) actually encountering an
>> ENOMEM situation. There's _nothing_ the calling code can do about that.
> 
> include/vsnprintf.h states:
> 
> "This function follows C99 vsnprintf, but has some extensions:".

Happy to update that comment (which is copied from linux BTW, and in the
kernel there's a very simple rule: "This is printk. We want it to work."
- that extends to the workhorse vsnprintf() which is not allowed to take
locks or do allocations) with an amendment "... among which is that it
never returns a negative value."

> It is obvious that the calling code needs to be fixed if it cannot
> handle negative return values.
> 
> So NAK to the patch.

So you'd rather fix the ~200 places that use the return value assuming
it's non-negative, plus the unknown number of places that assume the
output buffer is a valid nul-terminated string after vsnprintf() returns?

And, again taking that %pD example, do you really rather want _nothing_
printed (which is the only thing log.c could sensibly do if vsnprintf()
returned something negative) in the rare case of allocation failure?

I must admit I completely fail to see how this can possibly be better
than improving the guarantees provided by U-Boot's vsnprintf()
implementation.

Rasmus

  parent reply	other threads:[~2021-05-21 14:40 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-20 10:05 [PATCH 0/5] assorted printf-related patches Rasmus Villemoes
2021-05-20 10:05 ` [PATCH 1/5] lib/vsprintf.c: make sure vsnprintf() never returns a negative value Rasmus Villemoes
2021-05-20 17:51   ` Simon Glass
2021-05-21 12:53     ` Rasmus Villemoes
2021-05-21 14:15       ` Heinrich Schuchardt
2021-05-21 14:27         ` Tom Rini
2021-05-21 14:42           ` Heinrich Schuchardt
2021-05-27 23:01             ` Rasmus Villemoes
2021-06-19 17:32               ` Simon Glass
2021-05-21 14:40         ` Rasmus Villemoes [this message]
2021-05-21 15:43           ` Heinrich Schuchardt
2021-05-21 14:48         ` Sean Anderson
2021-05-20 10:05 ` [PATCH 2/5] lib/vsprintf.c: implement printf() in terms of vprintf() Rasmus Villemoes
2021-05-20 17:51   ` Simon Glass
2021-05-20 10:05 ` [PATCH 3/5] lib/vsprintf.c: remove stale comment Rasmus Villemoes
2021-05-20 17:51   ` Simon Glass
2021-05-21 14:22   ` Heinrich Schuchardt
2021-05-20 10:05 ` [PATCH 4/5] lib/vsprintf.c: remove unused ip6_addr_string() Rasmus Villemoes
2021-05-20 17:51   ` Simon Glass
2021-05-21 14:32   ` Heinrich Schuchardt
2021-05-20 10:05 ` [PATCH 5/5] common/log.c: use vscnprintf() in log_dispatch() Rasmus Villemoes
2021-05-20 17:51   ` Simon Glass

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a0f67892-cdc5-3ce7-7f8c-578586dc849c@prevas.dk \
    --to=rasmus.villemoes@prevas.dk \
    --cc=sjg@chromium.org \
    --cc=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.