Re: [PATCH] crypto: hisilicon/hpre - Fix a erroneous check after snprintf()

From: Dan Carpenter
Date: Thu Sep 07 2023 - 12:45:46 EST

Next message: Filipe Manana: "Re: [PATCH AUTOSEL 6.1 2/4] btrfs: return real error when orphan cleanup fails due to a transaction abort"
Previous message: Linus Walleij: "Re: [PATCH 13/21] hte: tegra194: improve the GPIO-related comment"
In reply to: liulongfang: "Re: [PATCH] crypto: hisilicon/hpre - Fix a erroneous check after snprintf()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 05, 2023 at 07:27:47AM +0200, Marion & Christophe JAILLET wrote:
> >
> > The other snprintf in the same file also looks suspect.
>
> It looks correct to me.
>
> And HPRE_DBGFS_VAL_MAX_LEN being 20, it doesn't really matter. The string
> can't be truncated with just a "%u\n".
>

drivers/crypto/hisilicon/hpre/hpre_main.c
884 ret = snprintf(tbuf, HPRE_DBGFS_VAL_MAX_LEN, "%u\n", val);
885 return simple_read_from_buffer(buf, count, pos, tbuf, ret);

You can't pass the return value from snprintf() to simple_read_from_buffer().
Otherwise the snprintf() checking turned a sprintf() write overflow into
a read overflow, which is less bad but not ideal. It needs to be
scnprintf().

regards,
dan carpenter

Next message: Filipe Manana: "Re: [PATCH AUTOSEL 6.1 2/4] btrfs: return real error when orphan cleanup fails due to a transaction abort"
Previous message: Linus Walleij: "Re: [PATCH 13/21] hte: tegra194: improve the GPIO-related comment"
In reply to: liulongfang: "Re: [PATCH] crypto: hisilicon/hpre - Fix a erroneous check after snprintf()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]