[PATCH v3 0/2] lib/vsprintf: Fixes size check

Next message: Oskar Gerlicz Kowalczuk: "[PATCH v3 3/5] liveupdate: fail session restore on file deserialization errors"
Previous message: Manivannan Sadhasivam: "Re: [PATCH v2] PCI: dwc: rcar-gen4: Use 4K EPC BAR alignment"
Next in thread: Masami Hiramatsu (Google): "[PATCH v3 1/2] lib/vsprintf: Fix to check field_width and precision"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Masami Hiramatsu (Google)

Date: Sat Mar 21 2026 - 10:41:14 EST

Hi,

Here is the 3rd version of patches to fix vsnprintf().

- Fix to limit the size of width and precision.
- Warn if the return size is over INT_MAX.

Previous version is here;

https://lore.kernel.org/all/177397887883.33018.9867883986177366222.stgit@devnote2/

In this version, check and update witdth and precision before assigning to spec
data structure [1/2] and use a local variable to be better readability [2/2].

Recently we discussed snprintf() usage in bootconfig and found snprintf()
design has a problem[1]. It returns the required or printed size in 'int'
but the maxlen is passed by 'size_t'. The maxlen is already limited by
INT_MAX, but if the expected print size becomes bigger than INT_MAX,
it can return negative value. We also found width and precision size check
does not work.

[1] https://lore.kernel.org/all/20260317121507.30735331@xxxxxxxxxxxxxxxxxx/

Thank you,

---

Masami Hiramatsu (Google) (2):
lib/vsprintf: Fix to check field_width and precision
lib/vsprintf: Limit the returning size to INT_MAX

lib/vsprintf.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)

--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>