Re: [PATCH v2 1/7] scripts: modpost: detect and report truncated buf_printf() output

[Nathan Chancellor]

On Wed, May 27, 2026 at 08:52:17PM +0900, Alexandre Courbot wrote:
> buf_printf() uses a fixed-size stack buffer. vsnprintf() returns the
> number of bytes that *would* have been written to that buffer, which can
> be larger than the size of said buffer if the formatted string is too
> long.
> 
> The problem is that whenever this happens buf_printf() currently passes
> this length, unchecked, to buf_write(), which silently reads past the
> stack buffer and copies invalid data into the output buffer.
> 
> Fix this by detecting vsnprintf() failures and truncations before
> appending to the output buffer, and report a fatal error instead of
> producing corrupt symbol names.
> 
> Signed-off-by: Alexandre Courbot <acourbot@xxxxxxxxxx>

Acked-by: Nathan Chancellor <nathan@xxxxxxxxxx>

> ---
>  scripts/mod/modpost.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> index abbcd3fc1394..0d2f1f09019b 100644
> --- a/scripts/mod/modpost.c
> +++ b/scripts/mod/modpost.c
> @@ -1689,8 +1689,17 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
>  
>  	va_start(ap, fmt);
>  	len = vsnprintf(tmp, SZ, fmt, ap);
> -	buf_write(buf, tmp, len);
>  	va_end(ap);
> +
> +	if (len < 0) {
> +		perror("vsnprintf failed");
> +		exit(1);
> +	}
> +	if (len >= SZ)
> +		fatal("buf_printf output truncated for string %s: %d bytes needed, %d available\n",
> +		      tmp, len + 1, SZ);
> +
> +	buf_write(buf, tmp, len);
>  }
>  
>  void buf_write(struct buffer *buf, const char *s, int len)
> 
> -- 
> 2.54.0
> 

-- 
Cheers,
Nathan