Re: [PATCH 07/12] driver/char: use correct format characters
From: Greg Kroah-Hartman
Date: Fri Jun 10 2022 - 01:19:06 EST
On Thu, Jun 09, 2022 at 10:16:26PM +0000, Bill Wendling wrote:
> From: Bill Wendling <isanbard@xxxxxxxxx>
Why isn't that matching your From: line in the email?
>
> When compiling with -Wformat, clang emits the following warnings:
Is that ever a default build option for the kernel?
>
> drivers/char/mem.c:775:16: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
> NULL, devlist[minor].name);
> ^~~~~~~~~~~~~~~~~~~
>
> Use a string literal for the format string.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/378
> Signed-off-by: Bill Wendling <isanbard@xxxxxxxxx>
> ---
> drivers/char/mem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/mem.c b/drivers/char/mem.c
> index 84ca98ed1dad..32d821ba9e4d 100644
> --- a/drivers/char/mem.c
> +++ b/drivers/char/mem.c
> @@ -772,7 +772,7 @@ static int __init chr_dev_init(void)
> continue;
>
> device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
> - NULL, devlist[minor].name);
> + NULL, "%s", devlist[minor].name);
Please explain how this static string can ever be user controlled.
thanks,
greg k-h