Re: Wrong length / buffer overlow by the syslog syscall

From: Sylvain Munaut
Date: Wed Dec 05 2012 - 06:26:55 EST


> It happens on several machines and this only seem to happen if there
> was a wrap around in the log buffer (it's a first observation on a
> limited number of sample so it might be a coincidence)

I think the culprit is print_time and has nothing to do with wrap
around, just the uptime.

static size_t print_time(u64 ts, char *buf)
unsigned long rem_nsec;

if (!printk_time)
return 0;

if (!buf)
return 15;

rem_nsec = do_div(ts, 1000000000);
return sprintf(buf, "[%5lu.%06lu] ",
(unsigned long)ts, rem_nsec / 1000);

it assumes the time will always be 15 char which is wrong. The %5lu
only guarantees a _minimum_ length of 5 chars, but if ts is large
enough it can be 6,7,...
and indeed in my logs I see "[601678.426219] " which is 16 chars
(includes the space at the end).


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at