Re: [PATCH v4 3/6] can: etas_es58x: export product information through devlink_ops::info_get()

From: Andrew Lunn
Date: Sat Nov 26 2022 - 12:16:46 EST


> +struct es58x_sw_version {
> + u8 major;
> + u8 minor;
> + u8 revision;
> +};

> +static int es58x_devlink_info_get(struct devlink *devlink,
> + struct devlink_info_req *req,
> + struct netlink_ext_ack *extack)
> +{
> + struct es58x_device *es58x_dev = devlink_priv(devlink);
> + struct es58x_sw_version *fw_ver = &es58x_dev->firmware_version;
> + struct es58x_sw_version *bl_ver = &es58x_dev->bootloader_version;
> + struct es58x_hw_revision *hw_rev = &es58x_dev->hardware_revision;
> + char buf[max(sizeof("xx.xx.xx"), sizeof("axxx/xxx"))];
> + int ret = 0;
> +
> + if (es58x_sw_version_is_set(fw_ver)) {
> + snprintf(buf, sizeof(buf), "%02u.%02u.%02u",
> + fw_ver->major, fw_ver->minor, fw_ver->revision);

I see you have been very careful here, but i wonder if you might still
get some compiler/static code analyser warnings here. As far as i
remember %02u does not limit it to two characters. If the number is
bigger than 99, it will take three characters. And your types are u8,
so the compiler could consider these to be 3 characters each. So you
end up truncating. Which you look to of done correctly, but i wonder
if some over zealous checker will report it? Maybe consider
"xxx.xxx.xxx"?

Nice paranoid code by the way. I'm not the best at spotting potential
buffer overflows, but this code looks good. The only question i had
left was how well sscanf() deals with UTF-8.

Andrew