From: David Laight
To: "'Maciej W. Rozycki'", Joe Perches
CC: Khalid Aziz, "James E.J. Bottomley", "Martin K. Petersen", Christoph Hellwig, "linux-scsi@vger.kernel.org", "linux-kernel@vger.kernel.org", "stable@vger.kernel.org"
Subject: RE: [PATCH 1/5] scsi: BusLogic: Fix missing `pr_cont' use
Date: Sat, 17 Apr 2021 11:39:28 +0000
Message-ID: <6679310a77984cc0af9f48f5616b840c@AcuMS.aculab.com>

From: Maciej W. Rozycki
> Sent: 16 April 2021 11:49
>
> On Thu, 15 Apr 2021, Joe Perches wrote:
>
> > In patch 2, vscnprintf should probably be used to make sure it's
> > 0 terminated.
>
> Why? C99 has this[1]:
>
> "The vsnprintf function is equivalent to snprintf, with the variable
> argument list replaced by arg, which shall have been initialized by the
> va_start macro (and possibly subsequent va_arg calls)."

vscnprintf() is normally the function you want (not vsnprintf())
because the return value is the number of characters actually
put into the buffer, not the number that would have been written
had the buffer been long enough.

Return values larger than the buffer size are almost never
allowed for - and are probably a set of 'buffer overflow' bugs.

While probably justified by saying that it lets you malloc()
a big enough buffer and try again, the return value is almost
certainly just historic.
The original sprintf() libc code allocated a FILE structure on stack
set to fully-buffered with the current buffer pointer set to the
caller's buffer and a buffer length of MAXINT.
It then just called vprintf() to do the work.
snprintf() was done the same way, except the buffer length was set
and the 'write character' (or 'flush buffer') function intercepted
to avoid writes beyond the buffer end.
(Possibly by re-routing the writes to a global buffer.)
The return value from vprintf() gets returned to the user.

The Unix versions have always '\0' terminated the buffer.
Only Microsoft has ever released an snprintf() that doesn't
'\0' terminate the output - another source of bugs.

Personally I think bounded string functions should return the
buffer size on overflow.
This means sequences of:
	offset += xxx(buf + offset, sizeof buf - offset, ...);
are safe and the overflow can be detected right at the end.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
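Added example, not part of the original message and not kernel code: a userspace C comparison of the three return conventions discussed above when used in the offset-accumulating sequence. The helper `bounded()`, the `SCN`/`SAT` names, the 16-byte buffer and the input strings are assumptions constructed for illustration; `SCN` follows the return rule of the kernel's vscnprintf(), `SAT` the "return the buffer size on overflow" rule proposed in the message.

```c
#include <stdarg.h>
#include <stdio.h>
#define BUFSZ 16
enum style { SCN, SAT }; /* SCN: vscnprintf() rule; SAT: rule proposed above */

/* Hypothetical userspace helper, not kernel code. SCN returns the count
 * actually stored (excluding '\0'); SAT returns the full size on overflow. */
static size_t bounded(enum style st, char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (size == 0)
        return 0;                       /* no room: store nothing */
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;                       /* output error: count nothing */
    if ((size_t)n < size)
        return (size_t)n;               /* it fitted */
    return st == SAT ? size : size - 1; /* truncated */
}

/* C99 snprintf() returns the length it wanted to write, so after one
 * truncated call the "offset" already lies beyond the end of the buffer. */
static size_t offset_after_snprintf(const char *s)
{
    char buf[BUFSZ];
    int n = snprintf(buf, sizeof buf, "%s", s);
    return n < 0 ? 0 : (size_t)n;
}

/* The offset += xxx(buf + offset, sizeof buf - offset, ...) sequence. */
static size_t chain(enum style st, const char *a, const char *b)
{
    char buf[BUFSZ];
    size_t off = 0;
    off += bounded(st, buf + off, sizeof buf - off, "%s", a);
    off += bounded(st, buf + off, sizeof buf - off, "%s", b);
    return off;
}

int main(void)
{
    const char *a = "BusLogic: ", *b = "constructed line"; /* constructed input */
    printf("snprintf: %zu\n", offset_after_snprintf("BusLogic: constructed line"));
    printf("SCN %zu, SAT %zu, buffer %d\n", chain(SCN, a, b), chain(SAT, a, b), BUFSZ);
    return 0;
}
```

With `SCN` the final offset is the same whether the second string fitted exactly or was cut short, so truncation is silent; with `SAT` the offset reaches the buffer size and a single comparison after the last append detects it.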