Re: [PATCH v6 8/9] vsprintf: Prevent crash when dereferencing invalid pointers

From: Sergey Senozhatsky
Date: Tue Feb 19 2019 - 09:15:24 EST


On (02/19/19 15:49), Andy Shevchenko wrote:
> > On (02/19/19 13:02), Andy Shevchenko wrote:
> > [..]
> > > And if it's not? You will get in either case incomplete information,
> > > but at least with "(e" (or even "(") you might get a clue that it
> > > errornous conditions.
> >
> > The thing I'm signaling here is that in some cases we still can
> > crash the kernel; with the difference that invalid dereference
> > can now be a memory corruption. Just saying.
>
> Wouldn't that mean that the culprit in the caller, not in the callee?
>
> (As far as I got your another example with badly called sprintf() which may
> overwrite stack, etc).

ipv4 printout case does not look like a caller bug to me: we expect a 15
bytes ipv4 address, allocate a 16 bytes buffer, sprintf() voluntarily
writes 18 bytes. This error reporting is a bit of a dangerous practice;
next year someone might add another specifier and another

return string(buf, end, "(this data does not look right)", spec);

We probably would want to do something about it. For instance, mandating
that "(error)" string cannot be larger than 8 bytes can be a good starting
point.

-ss