Re: [PATCH 2/2] mm, cma: use literal printf format string

From: Zi Yan
Date: Mon Feb 24 2025 - 09:35:06 EST

Next message: Alexandre Mergnat: "Re: [PATCH] dt-bindings: usb: mtu3: Add ports property"
Previous message: Alexander Stein: "[PATCH v2 6/6] arm64: dts: tqma9352-mba93xxca: Add LVDS overlay"
In reply to: Arnd Bergmann: "[PATCH 2/2] mm, cma: use literal printf format string"
Next in thread: David Hildenbrand: "Re: [PATCH 2/2] mm, cma: use literal printf format string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 24 Feb 2025, at 9:07, Arnd Bergmann wrote:

> From: Arnd Bergmann <arnd@xxxxxxxx>
>
> Using a variable string as a printf format can be a security issue
> that clang warns about when extra warnings are enabled:
>
> mm/cma.c:239:37: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
> 239 | snprintf(cma->name, CMA_MAX_NAME, name);
> | ^~~~
>
> This one does not appear to be a security issue since the string is
> not user controlled, but it's better to avoid the warning.
> Use "%s" as the format instead and just pass the name as the argument.
>
> Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> ---
> mm/cma.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
LGTM. Reviewed-by: Zi Yan <ziy@xxxxxxxxxx>

Best Regards,
Yan, Zi

Next message: Alexandre Mergnat: "Re: [PATCH] dt-bindings: usb: mtu3: Add ports property"
Previous message: Alexander Stein: "[PATCH v2 6/6] arm64: dts: tqma9352-mba93xxca: Add LVDS overlay"
In reply to: Arnd Bergmann: "[PATCH 2/2] mm, cma: use literal printf format string"
Next in thread: David Hildenbrand: "Re: [PATCH 2/2] mm, cma: use literal printf format string"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]