Re: [RFC PATCH 1/1] vsprintf: Warn on integer scanning overflows

From: Andy Shevchenko
Date: Thu Jun 08 2023 - 10:34:28 EST

Next message: Ilpo Järvinen: "Re: [PATCH V2 1/2] platform/x86/intel/pmc: Add resume callback"
Previous message: Alexander Duyck: "Re: Question about reserved_regions w/ Intel IOMMU"
Next in thread: Richard Weinberger: "Re: [RFC PATCH 1/1] vsprintf: Warn on integer scanning overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 08, 2023 at 12:37:55AM +0200, Richard Weinberger wrote:
> The scanf function family has no way to indicate overflows
> while scanning. As consequence users of these function have to make
> sure their input cannot cause an overflow.
> Since this is not always the case add WARN_ON_ONCE() guards to
> trigger a warning upon an overflow.

...

> if (prefix_chars < max_chars) {
> rv = _parse_integer_limit(cp, base, &result, max_chars - prefix_chars);
> + WARN_ON_ONCE(rv & KSTRTOX_OVERFLOW);

This seems incorrect. simple_strto*() are okay to overflow. It's by design.

> /* FIXME */

...and that's why this one is here.

> cp += (rv & ~KSTRTOX_OVERFLOW);
> } else {

--
With Best Regards,
Andy Shevchenko

Next message: Ilpo Järvinen: "Re: [PATCH V2 1/2] platform/x86/intel/pmc: Add resume callback"
Previous message: Alexander Duyck: "Re: Question about reserved_regions w/ Intel IOMMU"
Next in thread: Richard Weinberger: "Re: [RFC PATCH 1/1] vsprintf: Warn on integer scanning overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]