LinuxLists.cc - Re: [linux-usb-devel] [RFC] consolidate /sbin/hotplug call for pci and usb

2002-09-26 00:28:35

Subject: Re: [linux-usb-devel] [RFC] consolidate /sbin/hotplug call for pci and usb

David Brownell <[email protected]> writes:

> > + /* stuff we want to pass to /sbin/hotplug */
> > + envp[i++] = scratch;
> > + scratch += sprintf (scratch, "PCI_CLASS=%04X", pdev->class) + 1;
> > +
> > + envp[i++] = scratch;
> > + scratch += sprintf (scratch, "PCI_ID=%04X:%04X",
> > + pdev->vendor, pdev->device) + 1;
>
> And so forth. Use "snprintf" and prevent overrunning those buffers...

Hmm? An %04X format is perfectly bounded.

-Andi

2002-09-26 00:41:03

by Matthew Dharm

[permalink] [raw]

Subject: Re: [linux-usb-devel] [RFC] consolidate /sbin/hotplug call for pci and usb

On Thu, Sep 26, 2002 at 02:33:50AM +0200, Andi Kleen wrote:
> David Brownell <[email protected]> writes:
>
> > > + /* stuff we want to pass to /sbin/hotplug */
> > > + envp[i++] = scratch;
> > > + scratch += sprintf (scratch, "PCI_CLASS=%04X", pdev->class) + 1;
> > > +
> > > + envp[i++] = scratch;
> > > + scratch += sprintf (scratch, "PCI_ID=%04X:%04X",
> > > + pdev->vendor, pdev->device) + 1;
> >
> > And so forth. Use "snprintf" and prevent overrunning those buffers...
>
> Hmm? An %04X format is perfectly bounded.

Technically, it isn't bounded. The field will expand if the value exceeds
4 digits.

However, these values can't do that. At least not now.

But, as a good programming practice, snprintf should be used. Heck, PCI
3.0 might use 32-bit vendor and device values, instead of 8 bit. So, if
nothing else, do it as insurance for the future.

Matt

--
Matthew Dharm Home: [email protected]
Maintainer, Linux USB Mass Storage Driver

It was a new hope.
-- Dust Puppy
User Friendly, 12/25/1998

Attachments:

(No filename) (1.05 kB)
(No filename) (232.00 B)
Download all attachments

2002-09-26 00:55:53

by Andi Kleen

[permalink] [raw]

Subject: Re: [linux-usb-devel] [RFC] consolidate /sbin/hotplug call for pci and usb

On Wed, Sep 25, 2002 at 05:46:12PM -0700, Matthew Dharm wrote:
> On Thu, Sep 26, 2002 at 02:33:50AM +0200, Andi Kleen wrote:
> > David Brownell <[email protected]> writes:
> >
> > > > + /* stuff we want to pass to /sbin/hotplug */
> > > > + envp[i++] = scratch;
> > > > + scratch += sprintf (scratch, "PCI_CLASS=%04X", pdev->class) + 1;
> > > > +
> > > > + envp[i++] = scratch;
> > > > + scratch += sprintf (scratch, "PCI_ID=%04X:%04X",
> > > > + pdev->vendor, pdev->device) + 1;
> > >
> > > And so forth. Use "snprintf" and prevent overrunning those buffers...
> >
> > Hmm? An %04X format is perfectly bounded.
>
> Technically, it isn't bounded. The field will expand if the value exceeds
> 4 digits.

It is bounded to 8 characters on linux systems (where int is always 32bit)

-Andi