RE: [PATCH v2] checkpatch: add check for snprintf to scnprintf
From: David Laight
Date: Thu Feb 22 2024 - 17:30:58 EST
From: Justin Stitt
> Sent: 21 February 2024 22:12
>
> I am going to quote Lee Jones who has been doing some snprintf ->
> scnprintf refactorings:
>
> "There is a general misunderstanding amongst engineers that
> {v}snprintf() returns the length of the data *actually* encoded into the
> destination array. However, as per the C99 standard {v}snprintf()
> really returns the length of the data that *would have been* written if
> there were enough space for it. This misunderstanding has led to
> buffer-overruns in the past. It's generally considered safer to use the
> {v}scnprintf() variants in their place (or even sprintf() in simple
> cases). So let's do that."
While generally true, there are places that really do want to
detect (and error) overflow.
That isn't possible with scnprintf().
I'm not sure what the solution is though.
Having a function that returns a negative value on overflow is also
likely to get misused.
seq_printf() (or whatever it is called) may let you check,
but it is hardly a cheap wrapper and a bit of a PITA to use.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)