From: Dan Carpenter <dan.carpenter@oracle.com>
To: Michalis Pappas <mpappas@fastmail.fm>
Cc: devel@driverdev.osuosl.org, Greg KH <gregkh@linuxfoundation.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 0/3] staging: gdm72xx: Minor cleanup
Date: Wed, 23 Apr 2014 12:09:04 +0300
Message-ID: <20140423090904.GV26890@mwanda>
In-Reply-To: <20140423090557.GU26890@mwanda>

On Wed, Apr 23, 2014 at 12:05:57PM +0300, Dan Carpenter wrote:
> On Wed, Apr 23, 2014 at 04:49:26PM +0800, Michalis Pappas wrote:
> > Hi Dan, thanks for looking at this. From the above snippet I realize
> > that I wasn't aware of the strict flag, so significantly fewer errors
> > were produced.
> > 
> > The issues I was referring to as pedantic are:
> > 
> > WARNING: unchecked sscanf return value
> > #296: FILE: gdm_wimax.c:296:
> > +               sscanf(e->dev->name, "wm%d", &idx);
> > 
> > does this really need to be checked?
> 
> Just check it.  The code as is looks like an information leak (security
> vulnerability) until you realize that e->dev->name is probably a known,
> trusted string.

Btw, we saw a "fix" for this earlier which just printed an error
message.  Don't do that.  Assume that static checkers will soon start
complaining about the info leak instead of just looking at sscanf().

regards,
dan carpenter
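
The point made in this message, as an added userspace example (not code from the gdm72xx driver or from anyone in the thread): when the "wm%d" format does not match, sscanf() leaves idx unwritten, so both ignoring the return value and merely logging the failure pass a stale value on, while the checked form fails before idx is used. The function names and STALE_STACK_VALUE are hypothetical; the sentinel stands in for leftover stack contents so the demo stays well-defined.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed sentinel modelling whatever an uninitialized local holds. */
#define STALE_STACK_VALUE 0x5ec2e7

/* Pattern checkpatch flags: the return value of sscanf() is ignored. */
static int parse_idx_unchecked(const char *name)
{
	int idx = STALE_STACK_VALUE;

	sscanf(name, "wm%d", &idx);	/* no match: idx is never written */
	return idx;			/* stale value reaches the caller */
}

/* The "fix" the message warns against: complain, then use idx anyway. */
static int parse_idx_log_only(const char *name)
{
	int idx = STALE_STACK_VALUE;

	if (sscanf(name, "wm%d", &idx) != 1)
		fprintf(stderr, "unexpected device name: %s\n", name);
	return idx;			/* still the stale value */
}

/* Checked form: require exactly one conversion, otherwise bail out
 * with an error and never expose idx. */
static int parse_idx_checked(const char *name, int *out)
{
	int idx;

	if (sscanf(name, "wm%d", &idx) != 1)
		return -EINVAL;
	*out = idx;
	return 0;
}

int main(void)
{
	int idx = -1;
	int ret;

	printf("unchecked \"wm3\"  -> %d\n", parse_idx_unchecked("wm3"));
	printf("unchecked \"eth0\" -> %#x\n", parse_idx_unchecked("eth0"));
	printf("log-only  \"eth0\" -> %#x\n", parse_idx_log_only("eth0"));
	ret = parse_idx_checked("eth0", &idx);
	printf("checked   \"eth0\" -> ret=%d idx=%d\n", ret, idx);
	return 0;
}
```
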

