Re: [PATCH v1 2/6] lib: scanf: handle integer overflows in vsscanf

From: Konstantin Khlebnikov
Date: Mon Mar 11 2019 - 03:22:36 EST

Next message: Daniel Baluta: "Re: [PATCH v2] ASoC: fsl: sai: Fix underrrun for playback stream start"
Previous message: Dan Carpenter: "Re: [PATCH] serial: sh-sci: Missing uart_unregister_driver() on error in sci_probe_single()"
In reply to: Linus Torvalds: "Re: [PATCH v1 2/6] lib: scanf: handle integer overflows in vsscanf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11.03.2019 0:52, Linus Torvalds wrote:

On Sun, Mar 10, 2019 at 2:06 PM Rasmus Villemoes
<linux@xxxxxxxxxxxxxxxxxx> wrote:

IIRC, this has been attempted before, causing a userspace regression
because some sysfs/procfs file matched with %u or %x, and somebody wrote
-1 to get 0xffffffff .

.. which is correct anyway. That's how scanf is supposed to work.

Well. In this case '%u' sscanf in kernel is already broken.
%u does not accept minus sign and looks like never does.

'is_sign' is set only for %d and %i,
without it string couldn't pass initial check of first "digit".

More over simple_strtoul never accepted '-'.

Glibc version indeed accepts '-1' as %u and returns 0xFFFFFFFF
which isn't in manpage:' optionally signed' mentioned only for %d and %i.
But this explicitly mentioned in manpage for 'stroul'.

If somebody needs overflow checking, they shouldn't be using scanf.

Linus

Next message: Daniel Baluta: "Re: [PATCH v2] ASoC: fsl: sai: Fix underrrun for playback stream start"
Previous message: Dan Carpenter: "Re: [PATCH] serial: sh-sci: Missing uart_unregister_driver() on error in sci_probe_single()"
In reply to: Linus Torvalds: "Re: [PATCH v1 2/6] lib: scanf: handle integer overflows in vsscanf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]