Re: [PATCH v2 1/7] scripts: modpost: detect and report truncated buf_printf() output

Next message: Pavitra Jha: "[PATCH v2] ceph: fix bare ceph_decode_8 OOB in decode_lockers()"
Previous message: Linus Walleij: "Re: [PATCH v1 2/3] rtc: ab8500: Simplify driver_data handling"
In reply to: Nathan Chancellor: "Re: [PATCH v2 1/7] scripts: modpost: detect and report truncated buf_printf() output"
Next in thread: Nathan Chancellor: "Re: [PATCH v2 1/7] scripts: modpost: detect and report truncated buf_printf() output"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexandre Courbot

Date: Thu May 28 2026 - 09:29:03 EST

Hi Nathan,

On Thu May 28, 2026 at 2:18 AM JST, Nathan Chancellor wrote:
> On Wed, May 27, 2026 at 08:52:17PM +0900, Alexandre Courbot wrote:
>> buf_printf() uses a fixed-size stack buffer. vsnprintf() returns the
>> number of bytes that *would* have been written to that buffer, which can
>> be larger than the size of said buffer if the formatted string is too
>> long.
>>
>> The problem is that whenever this happens buf_printf() currently passes
>> this length, unchecked, to buf_write(), which silently reads past the
>> stack buffer and copies invalid data into the output buffer.
>>
>> Fix this by detecting vsnprintf() failures and truncations before
>> appending to the output buffer, and report a fatal error instead of
>> producing corrupt symbol names.
>>
>> Signed-off-by: Alexandre Courbot <acourbot@xxxxxxxxxx>
>
> Acked-by: Nathan Chancellor <nathan@xxxxxxxxxx>

If that works for you, can you take this patch through the build tree?
I've included it in this series because it detects the issue that the
series fixes, but it is not a dependency for the next patches. I just
wanted to include it for context.