[PATCH 2/2] vsprintf: Stop using obsolete simple_strtoul()
From: Thomas Preston
Date: Tue Dec 11 2018 - 10:21:34 EST
Stop using the obsolete functions simple_strtoul() and
simple_strtoull(). Instead, we should use the improved kstrtol() and
kstrtoll() functions. To do this, we must copy the current field into a
null-terminated tmpstr and advance the variable `next` manually.
The width of tmpstr has been chosen because no integer field can be
larger than 22 characters (ULLONG_MAX in octal), plus sign, radix,
new-line, null-terminator and some extra for alignment.
This patch fixes a bug with vsscanf. If passing sscan a 16-digit
hex-string like so:
sscanf("fafafafa0b0b0b0b", "%8x%8x", &hi, &lo)
then the result comes out with hi always being 0.
The issue is that the code calls simple_strtoul() which consumes up
to 16-digits but only returns an unsigned long (8 hex digits on ARM).
The vsscanf() code then checks and finds that the field_width of 8 was
greater than the 16 consumed characters and tries to fix this by:
while (next - str > field_width) {
if (is_sign)
val.s = div_s64(val.s, base);
else
val.u = div_u64(val.u, base);
--next;
}
However val.{s,u} is already trunacted from the simple_strtoul call
and all that happens is the value gets divided down to zero.
Signed-off-by: Thomas Preston <thomas.preston@xxxxxxxxxxxxxxx>
Signed-off-by: Ben Dooks <ben.dooks@xxxxxxxxxxxxxxx>
---
lib/vsprintf.c | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index bbf2ac734711..ec23e18e8cc6 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -47,6 +47,8 @@
#include <linux/string_helpers.h>
#include "kstrtox.h"
+#define INT_BUF_LEN 28
+
/**
* simple_strtoull - convert a string to an unsigned long long
* @cp: The start of the string
@@ -2914,7 +2916,9 @@ int vsscanf(const char *buf, const char *fmt, va_list args)
u8 qualifier;
unsigned int base;
union {
+ long sl;
long long sll;
+ unsigned long ul;
unsigned long long ull;
} val;
s16 field_width;
@@ -3119,14 +3123,30 @@ int vsscanf(const char *buf, const char *fmt, va_list args)
|| (base == 0 && !isdigit(digit)))
break;
- if (is_sign)
- val.sll = qualifier != 'L' ?
- simple_strtol(str, &next, base) :
- simple_strtoll(str, &next, base);
- else
- val.ull = qualifier != 'L' ?
- simple_strtoul(str, &next, base) :
- simple_strtoull(str, &next, base);
+ if (unlikely((field_width+1) > INT_BUF_LEN))
+ return num;
+
+ if (field_width > 0) {
+ char tmpstr[INT_BUF_LEN];
+ int ret;
+
+ strscpy(tmpstr, str, field_width+1);
+
+ if (is_sign)
+ if (qualifier != 'L')
+ ret = kstrtol(tmpstr, base, &val.sl);
+ else
+ ret = kstrtoll(tmpstr, base, &val.sll);
+ else
+ if (qualifier != 'L')
+ ret = kstrtoul(tmpstr, base, &val.ul);
+ else
+ ret = kstrtoull(tmpstr, base, &val.ull);
+ if (ret < 0)
+ return num;
+
+ }
+ next = (char *)str + field_width;
if (field_width > 0 && next - str > field_width) {
if (base == 0)
--
2.11.0