[PATCH 0/7] Graceful snprintf truncation handling

From: Eric Sesterhenn
Date: Wed Oct 11 2017 - 04:28:37 EST


snprintf returns the number of bytes required to print the full
string, even if the string is truncated. If this return value
is used for calculations, the size parameter might underflow
as shown e.g. in afdb05e9d61905220f09268535235288e6ba3a16
This causes a warning in the next snprintf iteration, since
it checks that size < INT_MAX.
These patches prevent these warnings.

Eric Sesterhenn (7):
Handle snprintf calculations in x_tables
Handle snprintf calculation in stackglue
Fix snprintf calculation in filecheck
Prevent u32_format_array from returning a size too big
Handle snprintf calulation more graceful in v9fs
Handle snprintf truncation in msm_perf more gracefully
Handle snprintf truncation more graceful in thunderx_edac

drivers/edac/thunderx_edac.c | 2 ++
drivers/gpu/drm/msm/msm_perf.c | 12 +++++++-----
fs/9p/v9fs.c | 4 ++++
fs/debugfs/file.c | 3 +++
fs/ocfs2/filecheck.c | 2 +-
fs/ocfs2/stackglue.c | 2 +-
net/netfilter/x_tables.c | 2 ++
7 files changed, 20 insertions(+), 7 deletions(-)

--
Eric Sesterhenn (Principal Security Consultant)
X41 D-SEC GmbH, Dennewartstr. 25-27, D-52068 Aachen
T: +49 241 9809418-0, Fax: -9
Unternehmenssitz: Aachen, Amtsgericht Aachen: HRB19989
GeschÃftsfÃhrer: Markus Vervier

Attachment: signature.asc
Description: OpenPGP digital signature