I am going to quote Lee Jones who has been doing some snprintf ->
scnprintf refactorings:
"There is a general misunderstanding amongst engineers that
{v}snprintf() returns the length of the data *actually* encoded into the
destination array. However, as per the C99 standard {v}snprintf()
really returns the length of the data that *would have been* written if
there were enough space for it. This misunderstanding has led to
buffer-overruns in the past. It's generally considered safer to use the
{v}scnprintf() variants in their place (or even sprintf() in simple
cases). So let's do that."
To help prevent new instances of snprintf() from popping up, let's add a
check to checkpatch.pl.
Suggested-by: Finn Thain <[email protected]>
Signed-off-by: Justin Stitt <[email protected]>
---
From a discussion here [1].
[1]: https://lore.kernel.org/all/[email protected]/
---
scripts/checkpatch.pl | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 9c4c4a61bc83..bb4e99c818a9 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -7012,6 +7012,12 @@ sub process {
"Prefer strscpy, strscpy_pad, or __nonstring over strncpy - see: https://github.com/KSPP/linux/issues/90\n" . $herecurr);
}
+# snprintf uses that should likely be {v}scnprintf
+ if ($line =~ /\snprintf\s*\(\s*/) {
+ WARN("SNPRINTF",
+ "Prefer scnprintf over snprintf\n" . $herecurr);
+ }
+
# ethtool_sprintf uses that should likely be ethtool_puts
if ($line =~ /\bethtool_sprintf\s*\(\s*$FuncArg\s*,\s*$FuncArg\s*\)/) {
if (WARN("PREFER_ETHTOOL_PUTS",
---
base-commit: b401b621758e46812da61fa58a67c3fd8d91de0d
change-id: 20240221-snprintf-checkpatch-a864ed67ebd0
Best regards,
--
Justin Stitt <[email protected]>
On Wed, Feb 21, 2024 at 2:05 PM Justin Stitt <[email protected]> wrote:
>
> I am going to quote Lee Jones who has been doing some snprintf ->
> scnprintf refactorings:
>
> "There is a general misunderstanding amongst engineers that
> {v}snprintf() returns the length of the data *actually* encoded into the
> destination array. However, as per the C99 standard {v}snprintf()
> really returns the length of the data that *would have been* written if
> there were enough space for it. This misunderstanding has led to
> buffer-overruns in the past. It's generally considered safer to use the
> {v}scnprintf() variants in their place (or even sprintf() in simple
> cases). So let's do that."
>
> To help prevent new instances of snprintf() from popping up, let's add a
> check to checkpatch.pl.
>
> Suggested-by: Finn Thain <[email protected]>
> Signed-off-by: Justin Stitt <[email protected]>
> ---
> From a discussion here [1].
>
> [1]: https://lore.kernel.org/all/[email protected]/
> ---
> scripts/checkpatch.pl | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 9c4c4a61bc83..bb4e99c818a9 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -7012,6 +7012,12 @@ sub process {
> "Prefer strscpy, strscpy_pad, or __nonstring over strncpy - see: https://github.com/KSPP/linux/issues/90\n" . $herecurr);
> }
>
> +# snprintf uses that should likely be {v}scnprintf
> + if ($line =~ /\snprintf\s*\(\s*/) {
> + WARN("SNPRINTF",
> + "Prefer scnprintf over snprintf\n" . $herecurr);
Whoops, I dropped the \b with some poor vim skills.
v2 is up.
[v2]: https://lore.kernel.org/r/[email protected]
> + }
> +
> # ethtool_sprintf uses that should likely be ethtool_puts
> if ($line =~ /\bethtool_sprintf\s*\(\s*$FuncArg\s*,\s*$FuncArg\s*\)/) {
> if (WARN("PREFER_ETHTOOL_PUTS",
>
> ---
> base-commit: b401b621758e46812da61fa58a67c3fd8d91de0d
> change-id: 20240221-snprintf-checkpatch-a864ed67ebd0
>
> Best regards,
> --
> Justin Stitt <[email protected]>
>