linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: David Laight <David.Laight@ACULAB.COM>
To: "'Maciej W. Rozycki'" <macro@orcam.me.uk>, Joe Perches <joe@perches.com>
Cc: Khalid Aziz <khalid@gonehiking.org>,
	"James E.J. Bottomley" <jejb@linux.ibm.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
	Christoph Hellwig <hch@lst.de>,
	"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: RE: [PATCH 1/5] scsi: BusLogic: Fix missing `pr_cont' use
Date: Sat, 17 Apr 2021 11:39:28 +0000	[thread overview]
Message-ID: <6679310a77984cc0af9f48f5616b840c@AcuMS.aculab.com> (raw)
In-Reply-To: <alpine.DEB.2.21.2104161224300.44318@angie.orcam.me.uk>

From: Maciej W. Rozycki
> Sent: 16 April 2021 11:49
> 
> On Thu, 15 Apr 2021, Joe Perches wrote:
> 
> > In patch 2, vscnprintf should probably be used to make sure it's
> > 0 terminated.
> 
>  Why?  C99 has this[1]:
> 
> "The vsnprintf function is equivalent to snprintf, with the variable
> argument list replaced by arg, which shall have been initialized by the
> va_start macro (and possibly subsequent va_arg calls)."

vscnprintf() is normally the function you want (not vsnprintf())
because the return value is the number of characters actually
put into the buffer, not the number that would have been written
had the buffer been long enough.
Return values larger than the buffer size are almost never
allowed for - and are probably a set of 'buffer overflow' bugs.

While probably justified by saying that it lets you malloc()
a big enough buffer and try again, the return value is almost
certainly just historic.

The original sprintf() libc code allocated a FILE structure on
stack set to fully-buffered with the current buffer pointer set
to the caller's buffer and a buffer length of MAXINT.
It then just called vprintf() to do the work.

snprintf() was done the same way, except the buffer length was
set and the 'write character' (or 'flush buffer') function
intercepted to avoid writes beyond the buffer end.
(Possibly by re-routing the writes to a global buffer.)
The return value from vprintf() gets returned to the user.

The Unix versions have always '\0' terminated the buffer.
Only Microsoft has ever released an snprintf() that doesn't
'\0' terminate the output - another source of bugs.

Personally I think bounded string functions should
return the buffer size on overflow.
This means sequences of:
	offset += xxx(buf + offset, sizeof buf - offset, ...);
are safe and the overflow can be detected right at the end.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)


  parent reply	other threads:[~2021-04-17 11:39 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-14 22:38 [PATCH 0/5] Bring the BusLogic host bus adapter driver up to Y2021 Maciej W. Rozycki
2021-04-14 22:39 ` [PATCH 1/5] scsi: BusLogic: Fix missing `pr_cont' use Maciej W. Rozycki
2021-04-16  2:08   ` Joe Perches
2021-04-16 10:48     ` Maciej W. Rozycki
2021-04-16 14:02       ` Joe Perches
2021-04-16 14:28         ` Maciej W. Rozycki
2021-04-16 15:12           ` Joe Perches
2021-04-17 11:39       ` David Laight [this message]
2021-04-17 14:01         ` Maciej W. Rozycki
2021-04-16 20:41     ` Khalid Aziz
2021-04-17  0:09       ` Joe Perches
2021-04-16 19:34   ` Khalid Aziz
2021-04-14 22:39 ` [PATCH 2/5] scsi: BusLogic: Avoid unbounded `vsprintf' use Maciej W. Rozycki
2021-04-16 19:54   ` Khalid Aziz
2021-04-14 22:39 ` [PATCH 3/5] scsi: Provide for avoiding trailing allocation length with VPD inquiries Maciej W. Rozycki
2021-04-14 22:39 ` [PATCH 4/5] scsi: Avoid using reserved length byte " Maciej W. Rozycki
2021-04-14 22:39 ` [PATCH 5/5] scsi: Set allocation length to 255 for ATA Information VPD page Maciej W. Rozycki
2021-04-15 12:42   ` Nix
2021-04-16 15:18     ` Maciej W. Rozycki
2021-04-16 19:36 ` [PATCH 0/5] Bring the BusLogic host bus adapter driver up to Y2021 Khalid Aziz
2021-04-16 21:25   ` Maciej W. Rozycki
2021-04-18 20:21     ` Ondrej Zary
2021-04-19 15:06       ` Khalid Aziz
2021-04-19 16:01         ` Maciej W. Rozycki
2021-04-20  2:16           ` Khalid Aziz
2021-04-20 18:02             ` Maciej W. Rozycki
2021-04-22  2:36               ` Khalid Aziz
2021-04-22 16:27                 ` Maciej W. Rozycki
2021-04-22 18:07                   ` Khalid Aziz
2021-04-22 23:19                     ` Maciej W. Rozycki

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6679310a77984cc0af9f48f5616b840c@AcuMS.aculab.com \
    --to=david.laight@aculab.com \
    --cc=hch@lst.de \
    --cc=jejb@linux.ibm.com \
    --cc=joe@perches.com \
    --cc=khalid@gonehiking.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=macro@orcam.me.uk \
    --cc=martin.petersen@oracle.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).