| Message ID | 20240211010441.8262-1-stephen@networkplumber.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | d06f6a3d1766b42cb0d93537a77c46cdcb877745 |
| Delegated to: | Stephen Hemminger |
| Headers | show |
| Series | [iproute2] tc: u32: check return value from snprintf | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Not a local patch |
On Sat, Feb 10, 2024 at 05:04:23PM -0800, Stephen Hemminger wrote: > Add assertion to check for case of snprintf failing (bad format?) > or buffer getting full. > > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Hi Stephen, Is there a bug report or something else that we only do the assertion for tc/f_u32.c? Thanks Hangbin > --- > tc/f_u32.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/tc/f_u32.c b/tc/f_u32.c > index 913ec1de435d..8a2413103906 100644 > --- a/tc/f_u32.c > +++ b/tc/f_u32.c > @@ -7,6 +7,7 @@ > * > */ > > +#include <assert.h> > #include <stdio.h> > #include <stdlib.h> > #include <unistd.h> > @@ -87,6 +88,7 @@ static char *sprint_u32_handle(__u32 handle, char *buf) > if (htid) { > int l = snprintf(b, bsize, "%x:", htid>>20); > > + assert(l > 0 && l < bsize); > bsize -= l; > b += l; > } > @@ -94,12 +96,14 @@ static char *sprint_u32_handle(__u32 handle, char *buf) > if (hash) { > int l = snprintf(b, bsize, "%x", hash); > > + assert(l > 0 && l < bsize); > bsize -= l; > b += l; > } > if (nodeid) { > int l = snprintf(b, bsize, ":%x", nodeid); > > + assert(l > 0 && l < bsize); > bsize -= l; > b += l; > } > -- > 2.43.0 >
On Mon, 12 Feb 2024 15:24:49 +0800 Hangbin Liu <liuhangbin@gmail.com> wrote: > On Sat, Feb 10, 2024 at 05:04:23PM -0800, Stephen Hemminger wrote: > > Add assertion to check for case of snprintf failing (bad format?) > > or buffer getting full. > > > > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> > > Hi Stephen, > > Is there a bug report or something else that we only do the assertion > for tc/f_u32.c? > > Thanks > Hangbin No bug, it is not possible to trigger with current code. Return of < 0 only happens with improper format string, and the overrun would only happen if buffer was not big enough The bsize is SPRINT_BUF() which is 64 bytes. It is more a way to avoid some code checker complaining in future.
On Sat, Feb 10, 2024 at 05:04:23PM -0800, Stephen Hemminger wrote: > Add assertion to check for case of snprintf failing (bad format?) > or buffer getting full. > > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Hello: This patch was applied to iproute2/iproute2.git (main) by Stephen Hemminger <stephen@networkplumber.org>: On Sat, 10 Feb 2024 17:04:23 -0800 you wrote: > Add assertion to check for case of snprintf failing (bad format?) > or buffer getting full. > > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> > --- > tc/f_u32.c | 4 ++++ > 1 file changed, 4 insertions(+) Here is the summary with links: - [iproute2] tc: u32: check return value from snprintf https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=d06f6a3d1766 You are awesome, thank you!
From: Stephen Hemminger <stephen@networkplumber.org> > Sent: 12 February 2024 16:54 > > On Mon, 12 Feb 2024 15:24:49 +0800 > Hangbin Liu <liuhangbin@gmail.com> wrote: > > > On Sat, Feb 10, 2024 at 05:04:23PM -0800, Stephen Hemminger wrote: > > > Add assertion to check for case of snprintf failing (bad format?) > > > or buffer getting full. > > > > > > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> > > > > Hi Stephen, > > > > Is there a bug report or something else that we only do the assertion > > for tc/f_u32.c? > > > > Thanks > > Hangbin > > No bug, it is not possible to trigger with current code. > Return of < 0 only happens with improper format string, > and the overrun would only happen if buffer was not big enough > The bsize is SPRINT_BUF() which is 64 bytes. > > It is more a way to avoid some code checker complaining in future. What are you testing? If you are testing snprintf() then maybe a check for <0 is sane. But otherwise it is a waste of time. FWIW do you know what (any) printf() function should return for (eg): int len = MAXINT; len = snprintf(NULL, 0, "%*s %*s", len, "abcd", len, "1234"); My brain doesn't think that a 'bad format' generates -1. You can get -1 from fprintf() (if a write() fails) which largely means that code looking at the result of fprintf() is broken. (You need to do fflush() and ferror() if you want to know if a write failed, and you can't reliably assume it is the length.) David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
diff --git a/tc/f_u32.c b/tc/f_u32.c index 913ec1de435d..8a2413103906 100644 --- a/tc/f_u32.c +++ b/tc/f_u32.c @@ -7,6 +7,7 @@ * */ +#include <assert.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> @@ -87,6 +88,7 @@ static char *sprint_u32_handle(__u32 handle, char *buf) if (htid) { int l = snprintf(b, bsize, "%x:", htid>>20); + assert(l > 0 && l < bsize); bsize -= l; b += l; } @@ -94,12 +96,14 @@ static char *sprint_u32_handle(__u32 handle, char *buf) if (hash) { int l = snprintf(b, bsize, "%x", hash); + assert(l > 0 && l < bsize); bsize -= l; b += l; } if (nodeid) { int l = snprintf(b, bsize, ":%x", nodeid); + assert(l > 0 && l < bsize); bsize -= l; b += l; }
Add assertion to check for case of snprintf failing (bad format?) or buffer getting full. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> --- tc/f_u32.c | 4 ++++ 1 file changed, 4 insertions(+)