From: Arnd Bergmann <arnd@arndb.de>
To: linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Guenter Roeck <linux@roeck-us.net>,
akpm@linux-foundation.org, netdev@vger.kernel.org,
"David S . Miller" <davem@davemloft.net>,
"James E . J . Bottomley" <jejb@linux.vnet.ibm.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
linux-scsi@vger.kernel.org, x86@kernel.org,
Arnd Bergmann <arnd@arndb.de>,
James Morris <james.l.morris@oracle.com>,
linux-cachefs@redhat.com
Subject: [PATCH 21/22] fscache: fix fscache_objlist_show format processing
Date: Fri, 14 Jul 2017 14:07:13 +0200 [thread overview]
Message-ID: <20170714120720.906842-22-arnd@arndb.de> (raw)
In-Reply-To: <20170714120720.906842-1-arnd@arndb.de>
gcc points out a minor bug in the handling of unknown
cookie types, which could result in a string overflow
when the integer is copied into a 3-byte string:
fs/fscache/object-list.c: In function 'fscache_objlist_show':
fs/fscache/object-list.c:265:19: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
sprintf(_type, "%02u", cookie->def->type);
^~~~~~
fs/fscache/object-list.c:265:4: note: 'sprintf' output between 3 and 4 bytes into a destination of size 3
This is currently harmless as no code sets a type other
than 0 or 1, but it makes sense to use snprintf() here
to avoid overflowing the array if that changes.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
fs/fscache/object-list.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/fscache/object-list.c b/fs/fscache/object-list.c
index 67f940892ef8..b5ab06fabc60 100644
--- a/fs/fscache/object-list.c
+++ b/fs/fscache/object-list.c
@@ -262,7 +262,8 @@ static int fscache_objlist_show(struct seq_file *m, void *v)
type = "DT";
break;
default:
- sprintf(_type, "%02u", cookie->def->type);
+ snprintf(_type, sizeof(_type), "%02u",
+ cookie->def->type);
type = _type;
break;
}
--
2.9.0
next prev parent reply other threads:[~2017-07-14 12:07 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-14 12:06 [PATCH 00/22] gcc-7 -Wformat-* warnings Arnd Bergmann
2017-07-14 12:06 ` [PATCH 01/22] kbuild: disable -Wformat-truncation warnings by default Arnd Bergmann
2017-07-14 12:06 ` [PATCH 02/22] scsi: megaraid: fix format-overflow warning Arnd Bergmann
2017-07-14 12:06 ` [PATCH 03/22] scsi: mpt3sas: fix format overflow warning Arnd Bergmann
2017-07-14 12:06 ` [PATCH 04/22] scsi: fusion: fix string " Arnd Bergmann
2017-07-17 9:17 ` David Laight
2017-07-17 12:00 ` Arnd Bergmann
2017-07-14 12:06 ` [PATCH 05/22] scsi: gdth: avoid buffer " Arnd Bergmann
2017-07-14 12:06 ` [PATCH 06/22] scsi: fnic: fix format string " Arnd Bergmann
2017-07-14 12:06 ` [PATCH 07/22] scsi: gdth: increase the procfs event buffer size Arnd Bergmann
2017-07-14 12:07 ` [PATCH 08/22] isdn: divert: fix sprintf buffer overflow warning Arnd Bergmann
2017-07-14 16:03 ` David Miller
2017-07-14 12:07 ` [PATCH 09/22] net: niu: fix format string overflow warning: Arnd Bergmann
2017-07-14 16:03 ` David Miller
2017-07-14 12:07 ` [PATCH 10/22] bnx2x: fix format overflow warning Arnd Bergmann
2017-07-14 16:03 ` David Miller
2017-07-14 12:07 ` [PATCH 11/22] net: thunder_bgx: avoid format string " Arnd Bergmann
2017-07-14 12:33 ` Robin Murphy
2017-07-14 16:03 ` David Miller
2017-07-14 12:07 ` [PATCH 12/22] vmxnet3: avoid format strint " Arnd Bergmann
2017-07-14 16:04 ` David Miller
2017-07-14 12:07 ` [PATCH 13/22] liquidio: fix possible eeprom format string overflow Arnd Bergmann
2017-07-14 16:04 ` David Miller
2017-07-14 22:40 ` Burla, Satananda
2017-07-14 12:07 ` [PATCH 14/22] [media] usbvision-i2c: fix format overflow warning Arnd Bergmann
2017-07-17 12:53 ` Hans Verkuil
2017-07-17 12:57 ` Arnd Bergmann
2017-07-17 12:59 ` Hans Verkuil
2017-07-14 12:07 ` [PATCH 15/22] hwmon: applesmc: fix format string overflow Arnd Bergmann
2017-07-14 14:06 ` Guenter Roeck
2017-07-14 12:07 ` [PATCH 16/22] x86: intel-mid: fix a format string overflow warning Arnd Bergmann
2017-07-14 12:07 ` [PATCH 17/22] platform/x86: alienware-wmi: fix " Arnd Bergmann
2017-07-14 18:30 ` Mario.Limonciello
2017-07-14 19:18 ` Andy Shevchenko
2017-07-14 19:37 ` Arnd Bergmann
2017-07-14 19:49 ` Andy Shevchenko
2017-07-14 12:07 ` [PATCH 18/22] gpio: acpi: fix string overflow for large pin numbers Arnd Bergmann
2017-07-14 12:52 ` Andy Shevchenko
2017-07-14 19:59 ` Arnd Bergmann
2017-07-14 12:07 ` [PATCH 19/22] block: DAC960: shut up format-overflow warning Arnd Bergmann
2017-07-14 14:04 ` Jens Axboe
2017-07-14 12:07 ` [PATCH 20/22] sound: pci: avoid string overflow warnings Arnd Bergmann
2017-07-14 12:28 ` Takashi Iwai
2017-07-18 11:52 ` Arnd Bergmann
2017-07-14 12:07 ` Arnd Bergmann [this message]
2017-07-14 12:07 ` [PATCH 22/22] IB/mlx4: fix sprintf format warning Arnd Bergmann
2017-07-14 13:48 ` Leon Romanovsky
2017-07-25 1:48 ` [PATCH 00/22] gcc-7 -Wformat-* warnings Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170714120720.906842-22-arnd@arndb.de \
--to=arnd@arndb.de \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=james.l.morris@oracle.com \
--cc=jejb@linux.vnet.ibm.com \
--cc=linux-cachefs@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=martin.petersen@oracle.com \
--cc=netdev@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).