Re: Coverity: console_prepend_dropped(): Memory - corruptions

From: Sergey Senozhatsky
Date: Tue Jan 17 2023 - 02:52:07 EST


On (23/01/17 08:16), John Ogness wrote:
> On 2023-01-17, Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx> wrote:
> > On (23/01/16 17:35), Petr Mladek wrote:
> >> len = snprintf(scratchbuf, scratchbuf_sz,
> >> "** %lu printk messages dropped **\n", dropped);
> >
> > Wouldn't
> >
> > if (WARN_ON_ONCE(len + PRINTK_PREFIX_MAX >= outbuf_sz))
> > return;
> >
> > prevent us from doing something harmful?
>
> Sure. But @0len is supposed to contain the number of bytes in
> @scratchbuf, which theoretically it does not. snprintf() is the wrong
> function to use here, even if there is not real danger in this
> situation.

Oh, yes, I agree that snprintf() should be replaced. Maybe we can go
even a bit furhter and replace all snprintf()-s in kernel/printk/*
(well, in a similar fashion, just in case). I'm just trying to understand
what type of assumptions does coverity make here and so far everything
looks rather peculiar.