+ lib-string_helpers-fix-potential-snprintf-output-truncation.patch added to mm-hotfixes-unstable branch
The patch titled Subject: lib: string_helpers: fix potential snprintf() output truncation has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-string_helpers-fix-potential-snprintf-output-truncation.patch
This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches...
This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days
------------------------------------------------------ From: Bartosz Golaszewski bartosz.golaszewski@linaro.org Subject: lib: string_helpers: fix potential snprintf() output truncation Date: Mon, 21 Oct 2024 11:14:17 +0200
The output of ".%03u" with the unsigned int in range [0, 4294966295] may get truncated if the target buffer is not 12 bytes.
Link: https://lkml.kernel.org/r/20241021091417.37796-1-brgl@bgdev.pl Fixes: 3c9f3681d0b4 ("[SCSI] lib: add generic helper to print sizes rounded to the correct SI range") Signed-off-by: Bartosz Golaszewski bartosz.golaszewski@linaro.org Reviewed-by: Andy Shevchenko andy@kernel.org Cc: James E.J. Bottomley James.Bottomley@HansenPartnership.com Cc: Kees Cook kees@kernel.org Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org ---
lib/string_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/string_helpers.c~lib-string_helpers-fix-potential-snprintf-output-truncation +++ a/lib/string_helpers.c @@ -57,7 +57,7 @@ int string_get_size(u64 size, u64 blk_si static const unsigned int rounding[] = { 500, 50, 5 }; int i = 0, j; u32 remainder = 0, sf_cap; - char tmp[8]; + char tmp[12]; const char *unit;
tmp[0] = '\0'; _
Patches currently in -mm which might be from bartosz.golaszewski@linaro.org are
lib-string_helpers-fix-potential-snprintf-output-truncation.patch
On Wed, 2024-10-23 at 19:52 -0700, Andrew Morton wrote:
The patch titled Subject: lib: string_helpers: fix potential snprintf() output truncation has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-string_helpers-fix-potential-snprintf-output- truncation.patch
This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches...
This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days
From: Bartosz Golaszewski bartosz.golaszewski@linaro.org Subject: lib: string_helpers: fix potential snprintf() output truncation Date: Mon, 21 Oct 2024 11:14:17 +0200
The output of ".%03u" with the unsigned int in range [0, 4294966295] may get truncated if the target buffer is not 12 bytes.
I think we all agree the explanation isn't accurate: remainder will be between 0-999 (not range [0, 4294966295]) which means that the string will only ever be 5 bytes (including leading zero).
This might be required to correct a compiler false warning, but if it is applied, the patch description should say this.
James
On Wed, 23 Oct 2024 23:08:46 -0400 James Bottomley James.Bottomley@HansenPartnership.com wrote:
The output of ".%03u" with the unsigned int in range [0, 4294966295] may get truncated if the target buffer is not 12 bytes.
I think we all agree the explanation isn't accurate: remainder will be between 0-999 (not range [0, 4294966295]) which means that the string will only ever be 5 bytes (including leading zero).
This might be required to correct a compiler false warning, but if it is applied, the patch description should say this.
Thanks, I've added a note-to-self that a new version is expected.
linux-stable-mirror@lists.linaro.org
-
Andrew Morton -
James Bottomley