Re: [PATCH v3 0/3] staging: gdm72xx: Minor cleanup
From: Dan Carpenter
Date: Wed Apr 23 2014 - 05:09:32 EST
On Wed, Apr 23, 2014 at 12:05:57PM +0300, Dan Carpenter wrote:
> On Wed, Apr 23, 2014 at 04:49:26PM +0800, Michalis Pappas wrote:
> > Hi Dan, thanks for looking at this. From the above snippet I realize
> > that I wasn't aware of the strict flag, so significantly less errors
> > were produced.
> >
> > The issues I was referring to as pedantic are:
> >
> > WARNING: unchecked sscanf return value
> > #296: FILE: gdm_wimax.c:296:
> > + sscanf(e->dev->name, "wm%d", &idx);
> >
> > does this really need to be checked?
>
> Just check it. The code as is looks like a information leak (security
> vulnerability) until you realize that e->dev->name is probably a known,
> trusted string.
Btw, we saw a "fix" for this earlier which just printed an error
message. Don't do that. Assume that static checkers will soon start
complaining about the info leak instead of just looking at sscanf().
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/