Re: [PATCH v3 1/2] lib/vsprintf: Fix to check field_width and precision

[David Laight]

On Tue, 24 Mar 2026 17:45:49 +0100
Petr Mladek <pmladek@xxxxxxxx> wrote:

> On Mon 2026-03-23 13:59:05, David Laight wrote:
...
> > I've also just fixed nolibc's handling of %*.*s (which is in 'next' since
> > I only wrote it recently), the above is actually broken.
> > Negative 'precision' (all values) are fine, they just request the default.  
> 
> Great catch! We should clamp the precision to (0, PRECISION_MAX). But we
> should warn only when it is outside of (-PRECISION_MAX, PRECISION_MAX).

No, you are going to clamp it needs to be to (-1, PRECISION_MAX);
but max(precision, PRECISION_MAX) if fine now the value is being saved
in an int.
And there is no need to warn about changing negative values - they
all mean exactly the same thing.
There isn't actually any need to worry about large precision values
for %s - they request truncation, precision only increases the output
for numbers.

> 
> > So the patch needs a big fat NACK...  
> 
> What is an acceptable solution then, please?

You could do:
	spec->precision = clamp(prec, -1, PRECISION_MAX);
	if (spec->precision < prec)
		WARN(...);

	David

> 
> Frankly, I would like to stay on earth. This started as a simple fix
> of a regression added a year ago. For me, any solution which
> restores the year old behavior is good enough.
> 
> We might need to find another volunteer to implement a better
> solution, e.g. the new non-panicing MSG_AND_BT() macro.
> 
> Alternatively, we could remove the WARN_ONCE() completely.
> It looks acceptable for me. But Rasmus would need to agree as well.
> 
> Best Regards,
> Petr